From f74e6ff2f27938157ea634ed0873b27ca4f6f4e0 Mon Sep 17 00:00:00 2001
From: Will Dietz <w@wdtz.org>
Date: Thu, 3 Oct 2019 12:18:51 -0500
Subject: [PATCH] crypto: fix copy size causing overruns/crashing

num_ad is already accounted for in `sizeof(iov)`
as iov has size `sizeof(struct iovec) * (num_ad+1)`.
---
 src/crypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/crypto.c b/src/crypto.c
index 632117dd..62edd447 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -311,7 +311,7 @@ bool aes_siv_encrypt(const uint8_t *key, size_t key_len, const uint8_t *in,
 	struct iovec iov[num_ad + 1];
 	uint8_t v[16];
 
-	memcpy(iov, ad, sizeof(iov) * num_ad);
+	memcpy(iov, ad, sizeof(struct iovec) * num_ad);
 	iov[num_ad].iov_base = (void *)in;
 	iov[num_ad].iov_len = in_len;
 	num_ad++;
@@ -368,7 +368,7 @@ bool aes_siv_decrypt(const uint8_t *key, size_t key_len, const uint8_t *in,
 	if (in_len < 16)
 		return false;
 
-	memcpy(iov, ad, sizeof(iov) * num_ad);
+	memcpy(iov, ad, sizeof(struct iovec) * num_ad);
 	iov[num_ad].iov_base = (void *)out;
 	iov[num_ad].iov_len = in_len - 16;
 	num_ad++;