From f25b1442ff386c98e2e2bdf8ac791a381e783b1a Mon Sep 17 00:00:00 2001
From: Marcel Holtmann <marcel@holtmann.org>
Date: Sun, 28 Dec 2014 06:49:00 +0100
Subject: [PATCH] core: Fix output buffer length handling of prf_sha1()
 function

---
 src/sha1.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/sha1.c b/src/sha1.c
index f3811274..27f30eee 100644
--- a/src/sha1.c
+++ b/src/sha1.c
@@ -174,10 +174,17 @@ bool prf_sha1(const void *key, size_t key_len,
 	input_len = prefix_len + 1 + data_len + 1;
 
 	for (i = 0; i < (size + 19) / 20; i++) {
-		__hmac_sha1(checksum, key, key_len, input, input_len,
-						output + offset, SHA1_MAC_LEN);
+		size_t len;
 
-		offset += 20;
+		if (size - offset > SHA1_MAC_LEN)
+			len = SHA1_MAC_LEN;
+		else
+			len = size - offset;
+
+		__hmac_sha1(checksum, key, key_len, input, input_len,
+							output + offset, len);
+
+		offset += len;
 		input[input_len - 1]++;
 	}