From 73ab341130352e9e32ce01dbc2b86d3970461a3c Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Mon, 23 May 2011 12:27:43 +0000
Subject: [PATCH] PR: 2522 Submitted by: Henrik Grindal Bakken Don't compare past end of buffer.
---
 fips/rand/fips_drbg_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c
index 7892a02b60..46f059d058 100644
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@@ -145,7 +145,7 @@ static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
 if (rv < (min_len + bl) || (rv % bl))
 return 0;
 /* Compare consecutive blocks for continuous PRNG test */
- for (p = tout; p < tout + rv; p += bl)
+ for (p = tout; p < tout + rv - bl; p += bl)
 {
 if (!memcmp(p, p + bl, bl))
 {
-- 
2.34.1
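Review bot: The new bound `p < tout + rv - bl` is only safe because of the guard two lines above it, and nothing in the hunk says so. `rv >= min_len + bl` keeps `tout + rv - bl` from pointing before `tout`, and `rv % bl == 0` is what makes the last `memcmp(p, p + bl, bl)` end exactly at `tout + rv` rather than past it. I would record that on the loop, e.g. `/* rv is a multiple of bl and >= bl (checked above), so p + 2*bl <= tout + rv on every iteration */`, or write the condition as `p + bl < tout + rv` so it mirrors the second memcmp operand and never forms a pointer below `tout`. When `rv == bl` the body never runs, so the continuous test passes without comparing anything; whether that is intended, and whether `bl != 0` and `min_len + bl` not wrapping are guaranteed, depends on code outside the hunk, since the function starts and ends beyond it.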