From ade45974506ffedcd057f336fbcf71941d77b09c Mon Sep 17 00:00:00 2001
From: Andre <maan@p133.(none)>
Date: Wed, 12 Jul 2006 19:39:31 +0200
Subject: [PATCH] para_decrypt_challenge(): write terminating 0 byte

As we do a sscanf() on the buffer. Noted by valgrind.
---
 crypt.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/crypt.c b/crypt.c
index 34407d78..653b1a24 100644
--- a/crypt.c
+++ b/crypt.c
@@ -100,12 +100,14 @@ int para_decrypt_buffer(char *key_file, unsigned char *outbuf, unsigned char *in
 int para_decrypt_challenge(char *key_file, long unsigned *challenge_nr,
 		unsigned char *inbuf, int rsa_inlen)
 {
-	unsigned char *rsa_out = OPENSSL_malloc(128);
+	unsigned char *rsa_out = OPENSSL_malloc(rsa_inlen + 1);
 	int ret = para_decrypt_buffer(key_file, rsa_out, inbuf, rsa_inlen);
 
-	if (ret >= 0)
+	if (ret >= 0) {
+		rsa_out[ret] = '\0';
 		ret = sscanf((char *)rsa_out, "%lu", challenge_nr) == 1?
 			1 : -E_CHALLENGE;
+	}
 	OPENSSL_free(rsa_out);
 	return ret;
 }
-- 
2.39.2