From: red-001 <red-001@outlook.ie>
Date: Tue, 26 Jun 2018 08:02:26 +0000 (+0100)
Subject: Fix buffer overrun in SRP (#7484)
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=85ce23b165839041a238af69ef8ea9a3345505be;p=oweals%2Fminetest.git

Fix buffer overrun in SRP (#7484)

The old code got a pointer to the array instead of the first element, this resulted in a buffer overflow when the function was used more than once.
---

diff --git a/src/util/srp.cpp b/src/util/srp.cpp
index f27f4f3f9..af68d6f54 100644
--- a/src/util/srp.cpp
+++ b/src/util/srp.cpp
@@ -612,7 +612,7 @@ SRP_Result srp_create_salted_verification_key( SRP_HashAlgorithm alg,
 			if (fill_buff() != SRP_OK) goto error_and_exit;
 		*bytes_s = (unsigned char *)srp_alloc(size_to_fill);
 		if (!*bytes_s) goto error_and_exit;
-		memcpy(*bytes_s, &g_rand_buff + g_rand_idx, size_to_fill);
+		memcpy(*bytes_s, &g_rand_buff[g_rand_idx], size_to_fill);
 		g_rand_idx += size_to_fill;
 	}