From 5aab53ce521ec51eae8a4df58e4d3ef0c52cbefe Mon Sep 17 00:00:00 2001
From: Simon Tatham <anakin@pobox.com>
Date: Mon, 2 Aug 1999 08:35:11 +0000
Subject: [PATCH] Fix potential security problems in random number generator

[originally from svn r190]
---
 sshrand.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/sshrand.c b/sshrand.c
index 17ef6e34..b3bd08bf 100644
--- a/sshrand.c
+++ b/sshrand.c
@@ -52,8 +52,8 @@ void random_add_noise(void *noise, int length) {
 	pool.incomingpos = 0;
     }
 
-    memcpy(pool.incomingb, p, length);
-    pool.incomingpos = length;
+    memcpy(pool.incomingb + pool_incomingpos, p, length);
+    pool.incomingpos += length;
 }
 
 void random_stir(void) {
@@ -121,7 +121,7 @@ void random_stir(void) {
      * there'll be some extra bizarreness there.
      */
     SHATransform(digest, block);
-    memcpy(digest, pool.incoming, sizeof(digest));
+    memcpy(pool.incoming, digest, sizeof(digest));
 
     pool.poolpos = sizeof(pool.incoming);
 }
@@ -137,8 +137,8 @@ static void random_add_heavynoise(void *noise, int length) {
 	pool.poolpos = 0;
     }
 
-    memcpy(pool.pool, p, length);
-    pool.poolpos = length;
+    memcpy(pool.pool + pool.poolpos, p, length);
+    pool.poolpos += length;
 }
 
 void random_init(void) {
-- 
2.45.2