New encrypting tunnel seems to work !

[userv-utils] / ipif / mech-pkcs5.c

diff --git a/ipif/mech-pkcs5.c b/ipif/mech-pkcs5.c
index 6ff35cd..df4d918 100644 (file)
--- a/ipif/mech-pkcs5.c
+++ b/ipif/mech-pkcs5.c
@@ -58,11 +58,11 @@ static const char *mdec_pkcs5(struct mechdata *md, struct buffer *buf) {
   unsigned padlen;
   int i;
 
-  BUF_UNPREPEND(padp,buf,1);
+  BUF_UNAPPEND(padp,buf,1);
   padlen= *padp;
-  if (!padlen || (padlen & ~md->mask)) return "invalid length";
+  if (!padlen || (padlen > md->mask+1)) return "invalid length";
 
-  BUF_UNPREPEND(padp,buf,padlen-1);
+  BUF_UNAPPEND(padp,buf,padlen-1);
   for (i=0; i<padlen-1; i++)
     if (*++padp != padlen) return "corrupted padding";