From ab53446d5164efcf826f2926683a760cb61bc7f7 Mon Sep 17 00:00:00 2001
From: mpsun <msunet@nvidia.com>
Date: Mon, 22 Jul 2019 17:13:22 -0700
Subject: [PATCH] Fix buffer overflow in test_cjose_jwe_multiple_recipients()

The function allocates two cjose_jwe_recipient_t on the stack and then writes at index 2, which is out of bounds. The NULL pointer also seems unnecessary because cjose_jwe_encrypt_multi() takes a count as its argument.
---
 test/check_jwe.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/test/check_jwe.c b/test/check_jwe.c
index 459dce1..df14e49 100644
--- a/test/check_jwe.c
+++ b/test/check_jwe.c
@@ -1151,8 +1151,6 @@ START_TEST(test_cjose_jwe_multiple_recipients)
         rec[i].unprotected_header = unprotected;
     }
 
-    rec[2].jwk = NULL;
-
     cjose_header_t *protected_header = cjose_header_new(&err);
 
     ck_assert_msg(cjose_header_set(protected_header, CJOSE_HDR_ENC, CJOSE_HDR_ENC_A256GCM, &err),