From 5e82b7ec7b00a2a072904bf236d2d8bf06413b16 Mon Sep 17 00:00:00 2001
From: "git@daemon.de" <git@daemon.de>
Date: Mon, 10 Mar 2014 16:57:01 +0100
Subject: [PATCH] fixed buffer overflow when calling pcp_scrypt(), used invalid
 passwd size

---
 src/encryption.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/encryption.c b/src/encryption.c
index ad13695..6d8c924 100644
--- a/src/encryption.c
+++ b/src/encryption.c
@@ -70,10 +70,10 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, i
       }
       else {
 	passphrase = ucmalloc(strlen(passwd)+1);
-	strncpy(passphrase, passwd, strlen(passwd)+1);
+	strncpy(passphrase, passwd, strlen(passwd));
       }
 
-      symkey = pcp_scrypt(passphrase, crypto_secretbox_KEYBYTES, salt, 90);
+      symkey = pcp_scrypt(passphrase, strlen(passphrase), salt, 90);
       free(salt);
     }
     else {
@@ -159,12 +159,12 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
     }
     else {
       passphrase = ucmalloc(strlen(passwd)+1);
-      strncpy(passphrase, passwd, strlen(passwd)+1);
+      strncpy(passphrase, passwd, strlen(passwd));
     }
     byte *salt = ucmalloc(90); /*  FIXME: use random salt, concat it with result afterwards */
     char stsalt[] = PBP_COMPAT_SALT;
     memcpy(salt, stsalt, 90);
-    symkey = pcp_scrypt(passphrase, crypto_secretbox_KEYBYTES, salt, 90);
+    symkey = pcp_scrypt(passphrase, strlen(passphrase), salt, 90);
     free(salt);
   }
   else if(id != NULL && recipient == NULL) {