mirror of https://github.com/FreeRDP/FreeRDP
core: Fix array overrunning during FIPS keys generation
p is 20 and r is 1 in the last iteration of fips_expand_key_bits, which means that buf[21] is read (of BYTE buf[21];). However, the value is not needed, because it is consequently discarded by "c & 0xfe" statement. Let's do not read buf[p + 1] when r is 1 to avoid this.
This commit is contained in:
parent
2b320ea0fc
commit
0389cb129e
|
@ -524,9 +524,9 @@ static void fips_expand_key_bits(BYTE* in, BYTE* out)
|
|||
p = b / 8;
|
||||
r = b % 8;
|
||||
|
||||
if (r == 0)
|
||||
if (r <= 1)
|
||||
{
|
||||
out[i] = buf[p] & 0xfe;
|
||||
out[i] = (buf[p] << r) & 0xfe;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue