Fix: Suspicious 'sizeof' use
This rule finds expressions that take the size of a function parameter of array type. In C, function parameters of array type are treated as if they had the corresponding pointer type, so their size is always the size of the pointer type (typically either four or eight). In particular, one cannot determine the size of a memory buffer passed as a parameter in this way. Using the `sizeof` operator on pointer types will produce unexpected results if the developer intended to get the size of an array instead of the pointer.

Fixed by using the datatype `struct MD5Context` directly
Kraemii committed May 22, 2023
1 parent 0ddb632 commit 0879626
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion samba/lib/crypto/md5.c
Expand Up @@ -147,7 +147,7 @@ _PUBLIC_ void _Samba_MD5Final(uint8_t digest[16], struct MD5Context *ctx)
MD5Transform(ctx->buf, (uint32_t *) ctx->in);
byteReverse((uint8_t *) ctx->buf, 4);
memmove(digest, ctx->buf, 16);
memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
memset(ctx, 0, sizeof(struct MD5Context)); /* In case it's sensitive */
}

/* The four core functions - F1 is optimized somewhat */
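Review bot: In the replacement memset line, prefer sizeof(*ctx) over sizeof(struct MD5Context). It gives the same full structure size, but it keeps following the pointee if the parameter's type is ever changed, so the pointer and the length cannot drift apart again. The old sizeof(ctx) measured the pointer, so only the first four or eight bytes of the context were cleared and the rest of the hash state stayed in memory; since the comment marks the data as possibly sensitive, that consequence deserves a sentence in the commit message. A second point on the same line: this memset is the last statement before the function returns and exists only to scrub, so a compiler may drop it as a dead store when the function is inlined and the caller's context is not read again. Consider a clearing call that is guaranteed not to be elided, such as explicit_bzero or memset_s, where the platform provides one.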