Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

typo in md5.c #5662

Closed
vicuna opened this issue Jun 25, 2012 · 1 comment
Closed

typo in md5.c #5662

vicuna opened this issue Jun 25, 2012 · 1 comment
Assignees

Comments

@vicuna
Copy link

vicuna commented Jun 25, 2012

Original bug ID: 5662
Reporter: @oandrieu
Assigned to: @lefessan
Status: closed (set by @xavierleroy on 2015-12-11T18:07:04Z)
Resolution: fixed
Priority: normal
Severity: minor
Fixed in version: 4.01.0+dev
Category: runtime system and C interface
Monitored by: mehdi

Bug description

The caml_MD5Final function ends with the following line:

memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */

The intent is to wipe the MD5 context (it contains a few bytes of the data being hashed). But since ctx is a pointer, this only wipes the first 4 or 8 bytes of the context.

Should be:

memset(ctx, 0, sizeof ctx); / In case it's sensitive */

@vicuna
Copy link
Author

vicuna commented Jun 25, 2012

Comment author: @lefessan

Fixed in SVN trunk revision 12642 for 4.01.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants