In the case where len is not a multiple of sizeof(RC4_CHUNK) the RC4 code

will end up doing a read and write of up to 7 bytes beyond the specified
length. This is effectively a non-issue since we read and write back the
same data and due to alignment it is within a page boundary.

Regardless, avoid this by removing the "special" handling for the remaining
length and allow the standard (non-chunk) code to process the remaining
bytes, which does not result in overrun.

Reported by Pascal Cuoq <cuoq at trust-in-soft.com> - thanks!

ok beck@ miod@

0 files changed, 0 insertions, 0 deletions