From 0a58300cdea4733afad31df8a4ff283f3b42caca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?=
Date: Sun, 11 Nov 2018 12:25:50 +0100
Subject: [PATCH] nthash: The output buffer for gensalt must be at least 30 bytes long.

The size of the buffer provided by 'o_size' must be at least 30 bytes long to fit the terminating null byte. Also use 'XCRYPT_STRCPY_OR_ABORT' over plain 'memcpy', since it is the preferred method to copy strings.
---
 crypt-nthash.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/crypt-nthash.c b/crypt-nthash.c
index 5ae7842..bb7c1ff 100644
--- a/crypt-nthash.c
+++ b/crypt-nthash.c
@@ -119,7 +119,7 @@ gensalt_nt_rn (unsigned long count,
 At least 1 byte of RBYTES is needed to calculate the MD4 hash used in the fake salt. */
- if ((o_size < 29) || (nrbytes < 1))
+ if ((o_size < 30) || (nrbytes < 1))
 {
 errno = ERANGE;
 return;
@@ -142,9 +142,10 @@ gensalt_nt_rn (unsigned long count,
 for (i = 0; i < 7; i++) sprintf (&(hashstr[i * 2]), "%02x", hashbuf[i]);
+ hashstr[14] = '\0';
- memcpy (output, salt, 15);
- memcpy (output + 15, hashstr, 14+1);
+ XCRYPT_STRCPY_OR_ABORT (output, o_size, salt);
+ XCRYPT_STRCPY_OR_ABORT (output + 15, o_size - 15, hashstr);
 }
 #endif
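Review bot: The new bound `30` in the `o_size` check is a bare literal whose derivation only shows at the end of the function, where 15 bytes of `salt` and 14 hex digits plus the terminator are written; the `15` offsets in the second hunk carry the same coupling. A short comment on the check, e.g. `/* 15 (prefix) + 14 (hex digest) + 1 (NUL).  */`, or one shared named constant would keep the guard and the copies from drifting apart again, which is the off-by-one this commit corrects. The comment above the check starts outside the hunk, so confirm that any length it states was updated from 29 as well.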
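Review bot: The added `hashstr[14] = '\0';` looks redundant, because every `sprintf` call in the loop above already writes a terminator after its two digits and the last iteration leaves one at index 14, assuming `hashbuf` holds unsigned 8-bit values (its declaration is outside the hunk). If the line is meant as a defensive guarantee for the string copy that follows, say so with a comment such as `/* Defensive: the copy below needs a terminated source.  */`; otherwise drop it. It would not contain a `sprintf` result longer than two digits, whereas bounding the write itself with `snprintf (&(hashstr[i * 2]), 3, "%02x", hashbuf[i]);` would. The second copy also relies on `salt` being exactly 15 characters long, since a shorter string would leave a NUL before `output + 15` and hide the hash part; the definition of `salt` is not visible here, so this is worth checking.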