Correct a faulty address assignment, and add a length check (not

really needed now, but may be needed in the future, who knows?).

diff --git a/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c
index 29b2d7af0b016169eba49b29402b68c1f7a6e36c..1267a3acae7cb975032e56b572efdaced87b6b7f 100644 (file)
--- a/crypto/rand/rand_vms.c
+++ b/crypto/rand/rand_vms.c
@@ -101,11 +101,12 @@ int RAND_poll(void)
        pitem = item;
 
        /* Setup */
-       while (pitems_data->length)
+       while (pitems_data->length
+               && (total_length + pitems_data->length <= 256))
                {
                pitem->length = pitems_data->length;
                pitem->code = pitems_data->code;
-               pitem->buffer = (long *)data_buffer[total_length];
+               pitem->buffer = (long *)&data_buffer[total_length];
                pitem->retlen = 0;
                total_length += pitems_data->length;
                pitems_data++;