From a7df51164d40b72c97810a3a57c0157406770a7c Mon Sep 17 00:00:00 2001
From: Will Cosgrove
Date: Mon, 11 Dec 2017 11:31:57 -0800
Subject: [PATCH] Fixed incorrect reference to decrypted block
Fixed incorrectly copied memory from p->buf into init instead of from the decrypted buffer block. The only reason this worked was because the crypt() function decrypts the value in-place and overwrites p->buf. I'm working on a fork that no longer does this and exposed this bug.
---
 src/transport.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/transport.c b/src/transport.c
index 8725da09..20aac453 100644
--- a/src/transport.c
+++ b/src/transport.c
@@ -420,7 +420,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
 } /* save the first 5 bytes of the decrypted package, to be used in the hash calculation later down. */
- memcpy(p->init, &p->buf[p->readidx], 5);
+ memcpy(p->init, block, 5);
 } else { /* the data is plain, just copy it verbatim to the working block buffer */
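Review bot: The comment above the changed `memcpy` still does not say which buffer holds plaintext, and that unstated assumption (decryption happening in place, per the commit message) is what hid the bug. I would extend it with something like `/* block holds the decrypted bytes; p->buf may still be ciphertext */`. The literal `5` is also unnamed here; if `p->init` is a fixed-size array (its declaration is outside the hunk), `sizeof(p->init)` would tie the copy length to the destination. Since these bytes feed the later hash calculation, a wrong source would presumably surface as a verification failure, and a regression test using a decrypt path that does not write back into `p->buf` would pin that down. The body of `_libssh2_transport_read` starts and ends outside the hunk.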