Hi,
while experimenting with coccinelle, I accidentially found what I
believe is a bug in util-linux-ng release 2.17-rc2 (downloaded today).
The probem is the following code in lib/md5.c (around line 153):
void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
{
[...]
memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
}
The third argument of memset should probably be the size of 'struct
MD5Context' instead of the size of the pointer. So my guess is
that the memset line should be
memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
instead. I don't know whether this actually causes a problem,
but the comment makes it seem possible that it does.
I hope this helps,
Jochen
--
http://seehuhn.de/
Attachment:
signature.asc
Description: Digital signature
