The encryption code may write a full AES block to the end of the
buffer, so make sure the temporary buffer is long enough to fit that
data.
if (data_len < 8 + 8)
return NULL;
- plain = os_malloc(data_len);
+ plain = os_malloc(data_len + AES_BLOCK_SIZE);
if (plain == NULL)
return NULL;
plen = len - hdrlen;
last = plen % AES_BLOCK_SIZE;
- crypt = os_malloc(hdrlen + 8 + plen + 8);
+ crypt = os_malloc(hdrlen + 8 + plen + 8 + AES_BLOCK_SIZE);
if (crypt == NULL)
return NULL;