lib: bug (typo) in function MD5Final()
On Wed, Dec 09, 2009 at 10:08:38PM +0000, Jochen Voss wrote: > while experimenting with coccinelle, I accidentally found what I > believe is a bug in util-linux-ng release 2.17-rc2 (downloaded > today). The problem is the following code in lib/md5.c (around line > 153): > > void MD5Final(unsigned char digest[16], struct MD5Context *ctx) > { > [...] > memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ > } > > The third argument of memset should probably be the size of 'struct > MD5Context' instead of the size of the pointer. So my guess is > that the memset line should be > > memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ > > instead. I don't know whether this actually causes a problem, > but the comment makes it seem possible that it does. Note, this typo does not have any impact on the utils in the util-linux-ng project, because we don't use MD5 for any security sensitive data or cryptographic stuff. The typo also does not have any impact to the final MD5 hashes. Reported-by: Jochen Voss <voss@seehuhn.de> Signed-off-by: Karel Zak <kzak@redhat.com>
This commit is contained in:
parent
9a39edc1ab
commit
6596057175
|
@ -150,7 +150,7 @@ void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
|
|||
MD5Transform(ctx->buf, (uint32_t *) ctx->in);
|
||||
byteReverse((unsigned char *) ctx->buf, 4);
|
||||
memcpy(digest, ctx->buf, 16);
|
||||
memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
|
||||
memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
|
||||
}
|
||||
|
||||
#ifndef ASM_MD5
|
||||
|
|
Loading…
Reference in New Issue