From: red-001 Date: Tue, 26 Jun 2018 08:02:26 +0000 (+0100) Subject: Fix buffer overrun in SRP (#7484) X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=85ce23b165839041a238af69ef8ea9a3345505be;p=oweals%2Fminetest.git Fix buffer overrun in SRP (#7484) The old code got a pointer to the array instead of the first element, this resulted in a buffer overflow when the function was used more than once. --- diff --git a/src/util/srp.cpp b/src/util/srp.cpp index f27f4f3f9..af68d6f54 100644 --- a/src/util/srp.cpp +++ b/src/util/srp.cpp @@ -612,7 +612,7 @@ SRP_Result srp_create_salted_verification_key( SRP_HashAlgorithm alg, if (fill_buff() != SRP_OK) goto error_and_exit; *bytes_s = (unsigned char *)srp_alloc(size_to_fill); if (!*bytes_s) goto error_and_exit; - memcpy(*bytes_s, &g_rand_buff + g_rand_idx, size_to_fill); + memcpy(*bytes_s, &g_rand_buff[g_rand_idx], size_to_fill); g_rand_idx += size_to_fill; }