diff options
| author | Karel Zak | 2009-12-10 11:59:46 +0100 |
|---|---|---|
| committer | Karel Zak | 2009-12-10 11:59:46 +0100 |
| commit | 6596057175c6ed342dc20e85eae8a42eb29b629f (patch) | |
| tree | 4901238fe67a55e3164299c65975f02bda784422 /misc-utils/wipefs.c | |
| parent | build-sys: release++ (v2.17-rc2) (diff) | |
| download | kernel-qcow2-util-linux-6596057175c6ed342dc20e85eae8a42eb29b629f.tar.gz kernel-qcow2-util-linux-6596057175c6ed342dc20e85eae8a42eb29b629f.tar.xz kernel-qcow2-util-linux-6596057175c6ed342dc20e85eae8a42eb29b629f.zip | |
lib: bug (typo) in function MD5Final()
On Wed, Dec 09, 2009 at 10:08:38PM +0000, Jochen Voss wrote:
> while experimenting with coccinelle, I accidentally found what I
> believe is a bug in util-linux-ng release 2.17-rc2 (downloaded
> today). The problem is the following code in lib/md5.c (around line
> 153):
>
> void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
> {
> [...]
> memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
> }
>
> The third argument of memset should probably be the size of 'struct
> MD5Context' instead of the size of the pointer. So my guess is
> that the memset line should be
>
> memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
>
> instead. I don't know whether this actually causes a problem,
> but the comment makes it seem possible that it does.
Note, this typo does not have any impact on the utils in the
util-linux-ng project, because we don't use MD5 for any security
sensitive data or cryptographic stuff. The typo also does not have any
impact to the final MD5 hashes.
Reported-by: Jochen Voss <voss@seehuhn.de>
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'misc-utils/wipefs.c')
0 files changed, 0 insertions, 0 deletions