projects
/
u
/
mdw
/
putty
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Security fixes, copied from ssh.c: check string length versus packet
[u/mdw/putty]
/
sshrand.c
diff --git
a/sshrand.c
b/sshrand.c
index
17ef6e3
..
e739113
100644
(file)
--- a/
sshrand.c
+++ b/
sshrand.c
@@
-52,8
+52,8
@@
void random_add_noise(void *noise, int length) {
pool.incomingpos = 0;
}
pool.incomingpos = 0;
}
- memcpy(pool.incomingb, p, length);
- pool.incomingpos = length;
+ memcpy(pool.incomingb
+ pool.incomingpos
, p, length);
+ pool.incomingpos
+
= length;
}
void random_stir(void) {
}
void random_stir(void) {
@@
-121,7
+121,7
@@
void random_stir(void) {
* there'll be some extra bizarreness there.
*/
SHATransform(digest, block);
* there'll be some extra bizarreness there.
*/
SHATransform(digest, block);
- memcpy(
digest, pool.incoming
, sizeof(digest));
+ memcpy(
pool.incoming, digest
, sizeof(digest));
pool.poolpos = sizeof(pool.incoming);
}
pool.poolpos = sizeof(pool.incoming);
}
@@
-137,8
+137,8
@@
static void random_add_heavynoise(void *noise, int length) {
pool.poolpos = 0;
}
pool.poolpos = 0;
}
- memcpy(pool.pool, p, length);
- pool.poolpos = length;
+ memcpy(pool.pool
+ pool.poolpos
, p, length);
+ pool.poolpos
+
= length;
}
void random_init(void) {
}
void random_init(void) {