memset length found by jsg. missing free found by me.
maybe the free was deliberate to avoid optimizing away memset? I think
it's still wrong to do that though.
Index: md5.c
===================================================================
RCS file: /home/tedu/cvs/src/bin/md5/md5.c,v
retrieving revision 1.52
diff -u -p -r1.52 md5.c
--- md5.c 27 Oct 2010 15:24:10 -0000 1.52
+++ md5.c 5 Jul 2011 18:22:20 -0000
@@ -415,7 +415,8 @@ digest_end(const struct hash_function *h
hf->final(digest, ctx);
if (b64_ntop(digest, hf->digestlen, buf, bsize) == -1)
errx(1, "error encoding base64");
- memset(digest, 0, sizeof(digest));
+ memset(digest, 0, hf->digestlen);
+ free(digest);
} else {
hf->end(ctx, buf);
}
