From 47f33e07ff90b557cfa96999e921d35ea537ca80 Mon Sep 17 00:00:00 2001
From: Guus Sliepen
Date: Sat, 6 Oct 2012 16:53:43 +0200
Subject: [PATCH] Fix off-by-one error.

Apart from writing 1 byte beyond an array allocated on the stack, this slipped an unitialized byte in the seed used for key generation.
---
 src/sptps.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/sptps.c b/src/sptps.c
index b907dadf..3b9498c7 100644
--- a/src/sptps.c
+++ b/src/sptps.c
@@ -209,7 +209,7 @@ static bool generate_key_material(sptps_t *s, const char *shared, size_t len) {
 memcpy(seed + 13, s->hiskex + 1, 32);
 memcpy(seed + 45, s->mykex + 1, 32);
 }
- memcpy(seed + 78, s->label, s->labellen);
+ memcpy(seed + 77, s->label, s->labellen);
 
 // Use PRF to generate the key material
 if(!prf(shared, len, seed, s->labellen + 64 + 13, s->key, keylen))
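Review bot: The corrected label offset `77` in `memcpy(seed + 77, s->label, s->labellen)` is still a hand-added literal, like `13` and `45` on the lines above it and the length `s->labellen + 64 + 13` passed to prf(), so the same miscount can return whenever one of the pieces changes size. Deriving each offset from the pieces before it keeps them in step, e.g. `memcpy(seed + 13 + 2 * 32, s->label, s->labellen);`, ideally with named constants for the leading 13 bytes and the two 32-byte key-exchange parts. The declaration of `seed` is outside the hunk, so it should be confirmed that its size is the same `s->labellen + 64 + 13` expression; an `assert` that the last write ends exactly at that size would catch a future slip before it reaches key derivation. generate_key_material() begins before and continues after this hunk.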