MD5
created: 19.03.2004
updated: 19.03.2004
While reviewing the code in my private C helper library, I found a small bug in the public-domain MD5 implementation by Colin Plumb, which is used by quite a few projects.
The impact of this bug is a potential information leak.
I was quite surprised, to say the least, that a (granted - minor) bug like that could survive 11 years of peer review (being rarely fixed in a few projects like bind9 or linux2.5) - especially in a potentially security critical component like MD5.
Here's one occasion where this bug was fixed in the Linux kernel 11 months ago (not via human code review, though, but by the Stanford Checker):
[CHECKER] Passing wrong size to memcpy/memset
    void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
    {
        [...]
        MD5Transform(ctx->buf, ctx->in);
        byteSwap(ctx->buf, 4);
        memcpy(digest, ctx->buf, 16);
        memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
    }

sizeof(ctx) = sizeof(a pointer) < sizeof(struct MD5Context), so the memset clears only the first pointer-sized part of the context and leaves the rest in memory. The corrected call:

    memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */

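How much of the context survives the wrong-sized wipe, as an added example that is not part of Colin Plumb's code or of the original page. The struct layout beyond buf and in, the helper names (wipe_buggy, wipe_fixed, residual_bytes, leftover_after) and the 0xAA fill are assumptions constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (22 * 4 = 88 bytes); only buf and in appear on the page. */
struct MD5Context {
    uint32_t buf[4];    /* running hash state */
    uint32_t bytes[2];  /* message length counter (assumed field) */
    uint32_t in[16];    /* last input block, possibly sensitive */
};

/* The bug: ctx is a pointer, so sizeof(ctx) is 4 or 8, not 88. */
static void wipe_buggy(struct MD5Context *ctx)
{
    size_t n = sizeof(ctx);  /* via a variable so -Werror builds pass */
    memset(ctx, 0, n);
}

/* The fix from the page: size of the pointed-to object. */
static void wipe_fixed(struct MD5Context *ctx)
{
    memset(ctx, 0, sizeof(*ctx));
}

/* Count the bytes of the context that still hold non-zero data. */
static size_t residual_bytes(const struct MD5Context *ctx)
{
    const unsigned char *p = (const unsigned char *)ctx;
    size_t i, left = 0;
    for (i = 0; i < sizeof(*ctx); i++)
        left += (p[i] != 0);
    return left;
}

/* Fill a context with a constructed 0xAA marker, wipe it, count leftovers. */
static size_t leftover_after(void (*wipe)(struct MD5Context *))
{
    struct MD5Context ctx;
    memset(&ctx, 0xAA, sizeof(ctx));  /* ctx is an object here: full size */
    wipe(&ctx);
    return residual_bytes(&ctx);
}

int main(void)
{
    printf("left after buggy wipe: %zu, after fixed: %zu\n",
           leftover_after(wipe_buggy), leftover_after(wipe_fixed));
    return 0;
}
```

GCC and Clang report the literal memset(ctx, 0, sizeof(ctx)) form at compile time with -Wsizeof-pointer-memaccess, which is a cheap way to find other copies of this code.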
Projects that contain the same buggy code (primarily for me to remember which projects I have to report the bug to):