Port changes to the extract() function from the skey patchset, fixing an out-of-bounds read. Fix signedness of first function argument.
--- otpCalc-0.97-orig/utility.c
+++ otpCalc-0.97/utility.c
@@ -28,21 +28,21 @@
 #include "utility.h"
-static unsigned short extract(char *s, int start, int length)
+static unsigned short extract(unsigned char *s, int start, int length)
 {
- unsigned char cl;
- unsigned char cc;
- unsigned char cr;
 unsigned int x;
+ int end, i;
- cl = s[start / 8];
- cc = s[start / 8 + 1];
- cr = s[start / 8 + 2];
- x = ((int) (cl << 8 | cc) << 8 | cr);
- x = x >> (24 - (length + (start % 8)));
- x = (x & (0xffff >> (16 - length)));
+ end = start + length - 1;
+ x = 0;
+ for (i = start / 8; i <= end / 8; i++) {
+ x <<= 8;
+ x |= s[i];
+ }
+ x >>= 7 - end % 8;
+ x &= (1 << length) - 1;
 return (unsigned short)x;