From 0879626a464bac1c7863e3794a249207908c14b9 Mon Sep 17 00:00:00 2001 From: Christop Kraemer Date: Mon, 22 May 2023 12:05:03 +0200 Subject: [PATCH] Fix: Suspicious 'sizeof' use This rule finds expressions that take the size of a function parameter of array type. In C, function parameters of array type are treated as if they had the corresponding pointer type, so their size is always the size of the pointer type (typically either four or eight). In particular, one cannot determine the size of a memory buffer passed as a parameter in this way. Using the `sizeof` operator on pointer types will produce unexpected results if the developer intended to get the size of an array instead of the pointer. Fixed by use the datatype `struct MD5Context` directly --- samba/lib/crypto/md5.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samba/lib/crypto/md5.c b/samba/lib/crypto/md5.c index 9d03eb55..7e95ebeb 100644 --- a/samba/lib/crypto/md5.c +++ b/samba/lib/crypto/md5.c @@ -147,7 +147,7 @@ _PUBLIC_ void _Samba_MD5Final(uint8_t digest[16], struct MD5Context *ctx) MD5Transform(ctx->buf, (uint32_t *) ctx->in); byteReverse((uint8_t *) ctx->buf, 4); memmove(digest, ctx->buf, 16); - memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ + memset(ctx, 0, sizeof(struct MD5Context)); /* In case it's sensitive */ } /* The four core functions - F1 is optimized somewhat */