From 41a9489dd4e517bcec78486bc57abc69bb5200f7 Mon Sep 17 00:00:00 2001
From: Giacomo Tesio
Date: Tue, 17 Jan 2017 00:01:08 +0100
Subject: [PATCH] libsec: fix des56to64 access to key array

CID 155910 (#1 of 1): Out-of-bounds access (OVERRUN)1. overrun-buffer-val: Overrunning buffer pointed to by key of 7 bytes by passing it to a function which accesses it at byte offset 63.
---
 sys/src/lib/sec/port/des.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/src/lib/sec/port/des.c b/sys/src/lib/sec/port/des.c
index 1654d6f..d47c48c 100644
--- a/sys/src/lib/sec/port/des.c
+++ b/sys/src/lib/sec/port/des.c
@@ -435,8 +435,8 @@ des56to64(uint8_t *k56, uint8_t *k64)
 {
 uint32_t hi, lo;
 
- hi = ((uint32_t)k56[0]<<24)|((uint32_t)k56[1]<<16)|((uint32_t)k56[2]<<8)|k56[3];
- lo = ((uint32_t)k56[4]<<24)|((uint32_t)k56[5]<<16)|((uint32_t)k56[6]<<8);
+ hi = (k56[0]<<24)|(k56[1]<<16)|(k56[2]<<8)|k56[3];
+ lo = (k56[4]<<24)|(k56[5]<<16)|(k56[6]<<8);
 
 k64[0] = parity[(hi>>25)&0x7f];
 k64[1] = parity[(hi>>18)&0x7f];
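Review bot: The two added assignments to `hi` and `lo` drop the `(uint32_t)` casts, so `k56[0]<<24` and `k56[4]<<24` are now evaluated in `int` after integer promotion. For a key byte of 0x80 or above that shifts a one into the sign bit, which is undefined behaviour in standard C, and here it happens while expanding DES key material. Keeping the cast on the top byte is enough: `hi = ((uint32_t)k56[0]<<24)|(k56[1]<<16)|(k56[2]<<8)|k56[3];` and `lo = ((uint32_t)k56[4]<<24)|(k56[5]<<16)|(k56[6]<<8);`. Separately, the old and new lines both index only `k56[0]` through `k56[6]`, so nothing visible in this hunk changes the access that CID 155910 reports at byte offset 63; the commit message should say where that overrun is actually addressed. The body of des56to64 continues past the end of the hunk.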