--On Friday, January 11, 2013 6:19 AM +0000 [email protected] wrote: > Full_Name: Matthew Hardin > Version: 2.4.33+ > OS: All > URL: ftp://ftp.openldap.org/incoming/sha2.c-diff.txt > Submission from: (NULL) (69.43.206.100) > > > contrib/slapd-modules/passwd/sha2/sha2.c uses a series of context buffers > and zeros them out in several places using the following macro: > > MEMSET_BZERO(context, sizeof(context)) > > The variable 'context' is a pointer to a context buffer, so sizeof will > evaluate to the size of a pointer for the particular platform. As a > result, the context buffer is only partially zeroed. > > The correct invocation is: > > MEMSET_BZERO(context, sizeof(*context)) > > which will zero out the complete context buffer. > > The referenced diff details the changes to sha2.c that are necessary to > correct this issue. > > Note this also cleans up warnings reported by MacOS's clang compiler. > > I, Matthew Hardin, hereby place the following modifications to OpenLDAP > Software (and only these modifications) into the public domain. Hence, > these modifications may be freely used and/or redistributed for any > purpose with or without attribution and/or other notice.
Can you resubmit the patch using git-format-patch? Or at least using unified diff format? ;) --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
