Merge pull request mono#129 from grumpydev/CryptoFixo

Fix for out of bounds exception in Rfc2898DeriveBytes

mcs/class/corlib/System.Security.Cryptography/Rfc2898DeriveBytes.cs

@@ -33,9 +33,9 @@
 
 using Mono.Security.Cryptography;
 
-namespace System.Security.Cryptography { 
+namespace System.Security.Cryptography {
 
-	[ComVisible (true)]
+    [ComVisible (true)]
 	public class Rfc2898DeriveBytes : DeriveBytes {
 
 		private const int defaultIterations = 1000;
@@ -155,6 +155,13 @@ public override byte[] GetBytes (int cb)
 				Buffer.BlockCopy (_buffer, _pos, result, 0, count);
 				if (count >= cb)
 					return result;
+
+                // If we are going to go over the boundaries
+                // of the result on our l-1 iteration, reduce
+                // l to compensate.
+                if (((l-1) * 20 + count) > result.Length)
+                    l--;
+
 				_pos = 0;
 				rpos = count;
 			}

mcs/class/corlib/Test/System.Security.Cryptography/Rfc2898DeriveBytesTest.cs

@@ -356,6 +356,15 @@ public void SplitCalls_TwoInstances ()
 
 			CompareBuffers (big, a, b);
 		}
+
+		[Test]
+		public void MultipleCalls_DoesntOverrunBuffer ()
+		{
+			Rfc2898DeriveBytes keygen = new Rfc2898DeriveBytes("Password", new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 });
+
+			keygen.GetBytes(32);
+			keygen.GetBytes(64);
+		}
 	}
 }