From 8da11f082f2081d1c1d2e54725ebd4f3a12d56e3 Mon Sep 17 00:00:00 2001
From: Kaz Kylheku <kaz@kylheku.com>
Date: Fri, 20 Feb 2015 19:21:06 +0100
Subject: Array overrun fix.

Contributed by "SR" (kane5410 at gmx.net).

* rijndael.h (rijn_keysched_t): The rijn_roundkey array must have
RIJN_MAX_ROUNDS + 1, like the comment above the structure declaration
says, otherwise it is accessed out of bounds.
---
 rijndael.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'rijndael.h')

diff --git a/rijndael.h b/rijndael.h
index 857e9f2..003ea54 100644
--- a/rijndael.h
+++ b/rijndael.h
@@ -57,7 +57,7 @@ typedef unsigned char rijn_flatblock_t[sizeof (rijn_block_t)];
 typedef struct {
     rijn_param_t rijn_param;
     int rijn_nrounds;
-    rijn_block_t rijn_roundkey[RIJN_MAX_ROUNDS];
+    rijn_block_t rijn_roundkey[RIJN_MAX_ROUNDS+1];
 } rijn_keysched_t;
 
 void rijn_sched_key(rijn_keysched_t *, rijn_key_t *, const rijn_param_t *);
-- 
cgit v1.2.3