diff options
| author | jsing <> | 2015-10-21 16:36:50 +0000 | 
|---|---|---|
| committer | jsing <> | 2015-10-21 16:36:50 +0000 | 
| commit | 5bfa54bf57c9fe322705272ef6828f70c873d9de (patch) | |
| tree | d9ddeefeaea4e28bd9fe864f51bf2a6bfef681f5 /src/lib/libc/net/inet_addr.c | |
| parent | 620677b2340697a41ad69a37d94dd1ad52b47455 (diff) | |
| download | openbsd-5bfa54bf57c9fe322705272ef6828f70c873d9de.tar.gz openbsd-5bfa54bf57c9fe322705272ef6828f70c873d9de.tar.bz2 openbsd-5bfa54bf57c9fe322705272ef6828f70c873d9de.zip | |
In the case where len is not a multiple of sizeof(RC4_CHUNK) the RC4 code
will end up doing a read and write of up to 7 bytes beyond the specified
length. This is effectively a non-issue since we read and write back the
same data and due to alignment it is within a page boundary.
Regardless, avoid this by removing the "special" handling for the remaining
length and allow the standard (non-chunk) code to process the remaining
bytes, which does not result in overrun.
Reported by Pascal Cuoq <cuoq at trust-in-soft.com> - thanks!
ok beck@ miod@
Diffstat (limited to 'src/lib/libc/net/inet_addr.c')
0 files changed, 0 insertions, 0 deletions
