rc4: Round up output buffer size.

valgrind indicated that RC4() writes beyond the end of the output buffer which
was was of the same size than the input buffer. Workaround this by rounding up
the output buffer size to a multiple of 8.

diff --git a/net.c b/net.c
index c5f33c822164195615d7f8f318f22a3f1d43a79f..3dcd9c0be5884f59293d012c3e117ea61b83a282 100644 (file)
--- a/net.c
+++ b/net.c
@@ -151,7 +151,8 @@ int send_bin_buffer(int fd, const char *buf, size_t len)
                cf = crypt_data_array[fd].send;
        if (cf) {
                void *private = crypt_data_array[fd].private_data;
-               unsigned char *outbuf = para_malloc(len);
+               /* RC4 may write more than len to the output buffer */
+               unsigned char *outbuf = para_malloc(ROUND_UP(len, 8));
                (*cf)(len, (unsigned char *)buf, outbuf, private);
                ret = sendall(fd, (char *)outbuf, &len);
                free(outbuf);

diff --git a/para.h b/para.h
index eb99ec68e6f2609da70f8d75d3dc038c1c4ea59e..a580b14c9946bf9d10d1062a49b445e295ba72ff 100644 (file)
--- a/para.h
+++ b/para.h
@@ -206,3 +206,5 @@ static inline int para_random(unsigned max)
        return ((max + 0.0) * (rand() / (RAND_MAX + 1.0)));
 }
 
+/* Round up x to a multiple of y */
+#define ROUND_UP(x, y) (((x) + (y - 1) / (y)) * (y))