RFC Errata
RFC 1751, "A Convention for Human-Readable 128-bit Keys", December 1994
Source of RFC: Legacy
Area Assignment: sec
See Also: RFC 1751 w/ inline errata
Errata ID: 4617
Status: Verified
Type: Technical
Publication Format(s): TEXT
Reported By: Yoav Nir
Date Reported: 2016-02-10
Verifier Name: Stephen Farrell
Date Verified: 2016-09-12
Section Appendix A says:
btoe(engout,c)
char *c, *engout;
{
char cp[9]; /* add in room for the parity 2 bits*/
It should say:
btoe(engout,c)
char *c, *engout;
{
char cp[10]; /* add in room for the parity 2 bits*/
Notes:
This is an off-by-one error in the sample code in Appendix A.
Further down, we have this loop:
for(p = 0,i = 0; i < 64;i += 2)
p += extract(cp,i,2);
So i goes all the way to 62, and the 9-byte cp is passed to extract().
In extract, we have this:
static unsigned long
extract(s, start, length)
char *s;
int start, length;
{
.
.
.
cr = s[start/8 +2];
If start is 62, then (start/8+2) is 9. s is the same 9-byte cp, and s[start/8 +2] is a one-byte overflow.
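
The index arithmetic from the notes above, as an added example that is not part of the erratum or of RFC 1751's sample code. It models only the quoted parity loop and the quoted read s[start/8 +2]; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Highest byte index extract() touches for a given bit offset, taken
 * from the line quoted in the erratum: cr = s[start/8 +2]. */
static size_t extract_max_index(int start)
{
    return (size_t)(start / 8 + 2);
}

/* Walk the parity loop quoted in the erratum (i = 0, 2, ..., 62) and
 * return the largest index that would be read from cp. */
static size_t parity_loop_max_index(void)
{
    size_t max = 0;
    for (int i = 0; i < 64; i += 2) {
        size_t idx = extract_max_index(i);
        if (idx > max)
            max = idx;
    }
    return max;
}

/* Smallest cp[] size for which every read in the loop is in bounds. */
static size_t required_buffer_size(void)
{
    return parity_loop_max_index() + 1;
}

/* First loop offset whose read falls outside a buffer of buf_size
 * bytes, or -1 if every read in the loop is in bounds. */
static int first_out_of_bounds_start(size_t buf_size)
{
    for (int i = 0; i < 64; i += 2)
        if (extract_max_index(i) >= buf_size)
            return i;
    return -1;
}

int main(void)
{
    printf("max index read:         %zu\n", parity_loop_max_index());
    printf("required size of cp:    %zu\n", required_buffer_size());
    printf("cp[9]  first bad start: %d\n", first_out_of_bounds_start(9));
    printf("cp[10] first bad start: %d\n", first_out_of_bounds_start(10));
    return 0;
}
```

With cp[9], every offset from 56 through 62 reads index 9, so the out-of-bounds access occurs on the last four iterations of the loop; with cp[10] all reads are in bounds.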