On Tue, Jul 05, 2011 at 02:27:15PM -0400, Ted Unangst wrote:
> memset length found by jsg. missing free found by me.
>
> maybe the free was deliberate to avoid optimizing away memset? I think
> it's still wrong to do that though.
>
> Index: md5.c
> ===================================================================
> RCS file: /home/tedu/cvs/src/bin/md5/md5.c,v
> retrieving revision 1.52
> diff -u -p -r1.52 md5.c
> --- md5.c 27 Oct 2010 15:24:10 -0000 1.52
> +++ md5.c 5 Jul 2011 18:22:20 -0000
> @@ -415,7 +415,8 @@ digest_end(const struct hash_function *h
> hf->final(digest, ctx);
> if (b64_ntop(digest, hf->digestlen, buf, bsize) == -1)
> errx(1, "error encoding base64");
> - memset(digest, 0, sizeof(digest));
> + memset(digest, 0, hf->digestlen);
> + free(digest);
> } else {
> hf->end(ctx, buf);
> }
>
ok krw@
.... Ken
