You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Original bug ID: 5662 Reporter:@oandrieu Assigned to:@lefessan Status: closed (set by @xavierleroy on 2015-12-11T18:07:04Z) Resolution: fixed Priority: normal Severity: minor Fixed in version: 4.01.0+dev Category: runtime system and C interface Monitored by: mehdi
Bug description
The caml_MD5Final function ends with the following line:
memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
The intent is to wipe the MD5 context (it contains a few bytes of the data being hashed). But since ctx is a pointer, this only wipes the first 4 or 8 bytes of the context.
Should be:
memset(ctx, 0, sizeof ctx); / In case it's sensitive */
The text was updated successfully, but these errors were encountered:
Original bug ID: 5662
Reporter: @oandrieu
Assigned to: @lefessan
Status: closed (set by @xavierleroy on 2015-12-11T18:07:04Z)
Resolution: fixed
Priority: normal
Severity: minor
Fixed in version: 4.01.0+dev
Category: runtime system and C interface
Monitored by: mehdi
Bug description
The caml_MD5Final function ends with the following line:
memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
The intent is to wipe the MD5 context (it contains a few bytes of the data being hashed). But since ctx is a pointer, this only wipes the first 4 or 8 bytes of the context.
Should be:
memset(ctx, 0, sizeof ctx); / In case it's sensitive */
The text was updated successfully, but these errors were encountered: