https://bugs.gentoo.org/567608 Fix the extract() function not to access unnecessary array elements. This avoids an out-of-bounds read when called from btoe() or etob().
--- skey-1.1.5-orig/put.c
+++ skey-1.1.5/put.c
@@ -2274,22 +2274,19 @@
 /* Extract 'length' bits from the char array 's' starting with bit 'start' */
 static unsigned int extract(char *s, int start, int length)
 {
- unsigned char cl;
- unsigned char cc;
- unsigned char cr;
 unsigned int x;
+ int i;
 assert(length <= 11);
 assert(start >= 0);
 assert(length >= 0);
 assert(start + length <= 66);
- cl = s[start / 8];
- cc = s[start / 8 + 1];
- cr = s[start / 8 + 2];
- x = ((int)(cl << 8 | cc) << 8 | cr);
- x = x >> (24 - (length + (start % 8)));
- x = (x & (0xffff >> (16 - length)));
+ x = 0;
+ for (i = start / 8; i < (start + length + 7) / 8; i++)
+ x = (x << 8) | (unsigned char)s[i];
+ x >>= 7 - (start + length + 7) % 8;
+ x &= (1 << length) - 1;
 return x;
 }
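Review bot: The bound on `i` in the new loop comes only from the four `assert()` preconditions above it, and those disappear when the file is compiled with `NDEBUG`, leaving `s[i]` unchecked against a buffer whose size `extract()` never receives. Under the asserts the highest index the loop can reach is 8 (from `start + length <= 66`), so every caller must pass at least 9 bytes; that requirement deserves a line in the function comment, e.g. `/* 's' must hold at least 9 bytes (66 bits) */`. If release builds define `NDEBUG` (not visible here), an explicit guard such as `if (start < 0 || length < 0 || length > 11 || start + length > 66) return 0;` would keep the fix effective. The mask would also read better as `x &= (1u << length) - 1;` so the shift is done in unsigned arithmetic like `x`.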