Hello, due to a missing pointer dereference, the only the first 4 / 8 bytes of the MD5 context are cleared out on MD5Final.
Please apply the patch attached. Best, -- Pietro Cerutti The FreeBSD Project [email protected] PGP Public Key: http://gahr.ch/pgp
--- src/md5.c.orig 2014-02-14 17:34:29.000000000 +0100
+++ src/md5.c 2014-02-14 17:34:37.000000000 +0100
@@ -141,7 +141,7 @@
MD5Transform(ctx->buf, (uint32 *) ctx->in);
byteReverse((unsigned char *) ctx->buf, 4);
memcpy(digest, ctx->buf, 16);
- memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
+ memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
}
#ifndef ASM_MD5
pgpbPuV2bmO9F.pgp
Description: PGP signature
_______________________________________________ Remind-fans mailing list [email protected] http://lists.roaringpenguin.com/cgi-bin/mailman/listinfo/remind-fans Remind is at http://www.roaringpenguin.com/products/remind
