Menu
▾
▴
#705 Unnecessary memdup in md5.c:MDsign()
At line 407 in md5.c, we have the following:
if (((unsigned int)data)%32 != 0) {
/* this relies on the ability to use integer math
and thus we
must rely on data that aligns on
32-bit-word-boundries */
memdup(&newdata, data, len);
cp = newdata;
} else {
cp = data;
}
However, requiring that data is an even multiple of 32
bytes is far
more stringent than is necessary to ensure 32-bit
alignment.
The test should be changed to
if (((unsigned int)data)%4 != 0) {
in order to avoid many needless memdups. It might be
wiser to use
%sizeof(long), in case LP64 environments need 8-byte
alignment.
-SEan
Logged In: YES
user_id=93926
also note that the built-in md5 stuff gets compiled in even
when we are using the openssl crypto routines which seems a
bit pointless (just thought I would mention this here)
Logged In: YES
user_id=76242
Thanks for the bug report! We've fixed the problem for the next release of the net-snmp package.