<URL: http://bugs.freeciv.org/Ticket/Display.html?id=40578 >

The call to sprintf in create_md5sum() writes the terminating
'\0' past the end of the supplied output buffer if the buffer
has exactly DIGEST_HEX_BYTES bytes. Attached patch makes the
original buffer in authdb_check_password() large enough for
the terminating null, and also adds a "+ 1" to the array
argument declaration in create_md5sum() (of course this is
just a "reminding decoration", since the compiler is happy
to allow any char pointer as an argument).


-----------------------------------------------------------------------
Noooooooo, I don't want to be overwritten!
diff --git a/server/auth.c b/server/auth.c
index b58fc39..68969a0 100644
--- a/server/auth.c
+++ b/server/auth.c
@@ -682,7 +682,7 @@ static bool authdb_check_password(struct connection *pconn,
   bool ok = FALSE;
   char buffer[512] = "";
   const int bufsize = sizeof(buffer);
-  char checksum[DIGEST_HEX_BYTES];
+  char checksum[DIGEST_HEX_BYTES + 1];
   MYSQL *sock, mysql;
 
   /* do the password checking right here */
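Review bot: the "+ 1" on the checksum declaration is open-coded at the call site, so the fix depends on every caller of create_md5sum() repeating the same arithmetic, and this patch touches only authdb_check_password(). Consider sizing the array from one named constant that already includes the terminator, and check any other callers for a buffer declared with exactly DIGEST_HEX_BYTES.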
diff --git a/utility/md5.c b/utility/md5.c
index 0945f3a..2f6c557 100644
--- a/utility/md5.c
+++ b/utility/md5.c
@@ -62,9 +62,10 @@
 static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ...  */ };
 
 /**************************************************************************
- from a string, create an md5sum and store it in output in hex form
+  From a string, create an md5sum and store it in output in hex form.
 **************************************************************************/
-void create_md5sum(const char *input, int len, char output[DIGEST_HEX_BYTES])
+void create_md5sum(const char *input, int len,
+                   char output[DIGEST_HEX_BYTES + 1])
 {
   unsigned char bin_buffer[MAX_DIGEST_BIN_BYTES];
   size_t cnt;
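Review bot: missing documentation in the header comment above create_md5sum(): it still does not say that output is written as a NUL-terminated string and must hold DIGEST_HEX_BYTES + 1 bytes. The array bound in the parameter list is not enforced by the compiler, so that sentence is the only contract a caller sees; passing the buffer size as an extra argument would let the function check it instead of trusting the caller.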
diff --git a/utility/md5.h b/utility/md5.h
index 729a2a2..46eb96a 100644
--- a/utility/md5.h
+++ b/utility/md5.h
@@ -129,6 +129,7 @@ extern void *md5_buffer (const char *buffer, size_t len, void *resblock);
 
 #define MAX_DIGEST_BIN_BYTES DIGEST_BIN_BYTES
 
-void create_md5sum(const char *input, int len, char output[DIGEST_HEX_BYTES]);
+void create_md5sum(const char *input, int len,
+                   char output[DIGEST_HEX_BYTES + 1]);
 
 #endif
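Review bot: the create_md5sum() prototype keeps "int len" while md5_buffer() in the context line above it takes "size_t len". While the prototype is being touched in md5.h anyway, consider making len a size_t as well, so a negative value cannot be converted to a very large length if it is forwarded to md5_buffer().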
_______________________________________________
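The off-by-one described in the report, as an added example that is not Freeciv code: a constructed sprintf-based hex encoder whose final '\0' lands at index DIGEST_HEX_BYTES, next to a variant that takes the buffer size and refuses a short buffer. The constant values, function names and sample digest are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed values: MD5 yields 16 bytes, two hex digits each, NUL not counted. */
#define DIGEST_BIN_BYTES 16
#define DIGEST_HEX_BYTES (2 * DIGEST_BIN_BYTES)

/* Unchecked encoder (hypothetical stand-in for the sprintf loop): every call
 * writes two digits plus '\0', so the final '\0' lands at out[2 * n]. */
static void hex_encode_unchecked(const unsigned char *bin, size_t n, char *out)
{
  size_t i;
  for (i = 0; i < n; i++)
    sprintf(out + 2 * i, "%02x", bin[i]);
}

/* Checked encoder: the caller states the buffer size, NUL included. */
static int hex_encode_checked(const unsigned char *bin, size_t n,
                              char *out, size_t outsz)
{
  size_t i;
  if (outsz < 2 * n + 1) {
    return -1;                      /* no room for digits plus '\0' */
  }
  for (i = 0; i < n; i++)
    snprintf(out + 2 * i, outsz - 2 * i, "%02x", bin[i]);
  return 0;
}

/* Returns 1 if index DIGEST_HEX_BYTES was written. The storage is one byte
 * larger than the buggy declaration so the stray write is observable. */
static int canary_clobbered(void)
{
  unsigned char digest[DIGEST_BIN_BYTES];
  char storage[DIGEST_HEX_BYTES + 1];
  memset(digest, 0xab, sizeof(digest));      /* constructed sample digest */
  storage[DIGEST_HEX_BYTES] = 0x7f;          /* canary past a 32-byte buffer */
  hex_encode_unchecked(digest, sizeof(digest), storage);
  return storage[DIGEST_HEX_BYTES] != 0x7f;
}

int main(void)
{
  unsigned char digest[DIGEST_BIN_BYTES] = { 0 };
  char small[DIGEST_HEX_BYTES];              /* the pre-patch size */
  printf("clobbered=%d short=%d\n", canary_clobbered(),
         hex_encode_checked(digest, sizeof(digest), small, sizeof(small)));
  return 0;
}
```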