From bef666a8991b39bbe1c8cde2fda8a9897116ee11 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Wiedenmann?=
Date: Wed, 15 Aug 2018 19:51:01 +0200
Subject: [PATCH] Fix buffer overflow in write_chalresp_state()

Buffer was defined as CR_SALT_SIZE = 32 but number of random bytes was CR_CHALLENGE_SIZE = 63.
---
 util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util.c b/util.c
index 14f456b..f0d3938 100644
--- a/util.c
+++ b/util.c
@@ -524,7 +524,7 @@ write_chalresp_state(FILE *f, CR_STATE *state)
 iterations = state->iterations;
 }
- if (generate_random(salt, CR_CHALLENGE_SIZE)) {
+ if (generate_random(salt, CR_SALT_SIZE)) {
 goto out;
 }
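Review bot: The length passed to `generate_random()` on the added line is still a separately named constant rather than a value derived from the destination buffer, so the same kind of mismatch can come back if the declaration of `salt` is ever changed. The declaration is outside this hunk, but if `salt` is a local array (the commit message says it is sized `CR_SALT_SIZE`), `if (generate_random(salt, sizeof(salt))) {` ties the write length to the buffer. I would also add a short comment above the call, for example `/* salt is CR_SALT_SIZE bytes; do not fill it with CR_CHALLENGE_SIZE */`, since the two constants are easy to confuse. Any other `generate_random()` call sites probably deserve the same check of buffer against length, though none are visible here. The body of `write_chalresp_state()` starts and ends outside the hunk.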