From 0d7ba4002e3463e1b27b7695d745dce6be7714ce Mon Sep 17 00:00:00 2001 From: orbisai0security Date: Tue, 30 Jun 2026 04:44:38 +0000 Subject: [PATCH] fix: V-001 security vulnerability Automated security fix generated by OrbisAI Security --- src/wp_dh_exch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wp_dh_exch.c b/src/wp_dh_exch.c index 3154e297..982a855f 100644 --- a/src/wp_dh_exch.c +++ b/src/wp_dh_exch.c @@ -298,7 +298,7 @@ static int wp_dh_derive_secret(wp_DhCtx* ctx, unsigned char* secret, } else { /* Front pad with zeros if required. */ - if (ctx->pad && (len != maxLen)) { + if (ctx->pad && (len != maxLen) && (len <= (word32)maxLen)) { XMEMMOVE(secret + maxLen - len, secret, len); XMEMSET(secret, 0, maxLen - len); len = (word32)maxLen;