From 85ce23b165839041a238af69ef8ea9a3345505be Mon Sep 17 00:00:00 2001 From: red-001 Date: Tue, 26 Jun 2018 09:02:26 +0100 Subject: [PATCH] Fix buffer overrun in SRP (#7484) The old code got a pointer to the array instead of the first element, this resulted in a buffer overflow when the function was used more than once. --- src/util/srp.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util/srp.cpp b/src/util/srp.cpp index f27f4f3f9..af68d6f54 100644 --- a/src/util/srp.cpp +++ b/src/util/srp.cpp @@ -612,7 +612,7 @@ SRP_Result srp_create_salted_verification_key( SRP_HashAlgorithm alg, if (fill_buff() != SRP_OK) goto error_and_exit; *bytes_s = (unsigned char *)srp_alloc(size_to_fill); if (!*bytes_s) goto error_and_exit; - memcpy(*bytes_s, &g_rand_buff + g_rand_idx, size_to_fill); + memcpy(*bytes_s, &g_rand_buff[g_rand_idx], size_to_fill); g_rand_idx += size_to_fill; }