lib: bug (typo) in function MD5Final()

On Wed, Dec 09, 2009 at 10:08:38PM +0000, Jochen Voss wrote:
> while experimenting with coccinelle, I accidentally found what I
> believe is a bug in util-linux-ng release 2.17-rc2 (downloaded
> today). The problem is the following code in lib/md5.c (around line
> 153):
>
>     void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
>     {
>   [...]
>   memset(ctx, 0, sizeof(ctx));        /* In case it's sensitive */
>     }
>
> The third argument of memset should probably be the size of 'struct
> MD5Context' instead of the size of the pointer.  So my guess is
> that the memset line should be
>
>   memset(ctx, 0, sizeof(*ctx));       /* In case it's sensitive */
>
> instead.  I don't know whether this actually causes a problem,
> but the comment makes it seem possible that it does.

Note, this typo does not have any impact on the utils in the
util-linux-ng project, because we don't use MD5 for any security
sensitive data or cryptographic stuff. The typo also does not have any
impact to the final MD5 hashes.

Reported-by: Jochen Voss <voss@seehuhn.de>
Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/lib/md5.c b/lib/md5.c
index 306984517bc8e962a6893b738ba7a058b3408e3e..6ad4b6845a20c2f30413fe68564645b2c5352851 100644 (file)
--- a/lib/md5.c
+++ b/lib/md5.c
@@ -150,7 +150,7 @@ void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
     MD5Transform(ctx->buf, (uint32_t *) ctx->in);
     byteReverse((unsigned char *) ctx->buf, 4);
     memcpy(digest, ctx->buf, 16);
-    memset(ctx, 0, sizeof(ctx));       /* In case it's sensitive */
+    memset(ctx, 0, sizeof(*ctx));      /* In case it's sensitive */
 }
 
 #ifndef ASM_MD5