ospfd: invalid MD5 auth_key?

This looks fishy in ospf_make_md5_digest()
if (list_isempty (OSPF_IF_PARAM (oi, auth_crypt)))
    auth_key = (const u_int8_t *) "";
...
MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
auth_key points to a "" string of len 1 which is a lot
smaller that OSPF_AUTH_MD5_SIZE. Is this intentional to
get some random data or just a plain bug?

Anyone using MD5 should have a closer look and decide
what to do.
Acked-by: Feng Lu <lu.feng@6wind.com>
(cherry picked from commit ea2a598411cc7bd20456849e56bbc9e93c9916e7)

diff --git a/ospfd/ospf_packet.c b/ospfd/ospf_packet.c
index f5804441182465284bf706d4ab2147e0be910010..e4c74d705e25b6a0bbde7e1d5286362326594d46 100644 (file)
--- a/ospfd/ospf_packet.c
+++ b/ospfd/ospf_packet.c
@@ -383,7 +383,7 @@ static int
 ospf_make_md5_digest (struct ospf_interface *oi, struct ospf_packet *op)
 {
   struct ospf_header *ospfh;
-  unsigned char digest[OSPF_AUTH_MD5_SIZE];
+  unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0};
   MD5_CTX ctx;
   void *ibuf;
   u_int32_t t;
@@ -410,7 +410,7 @@ ospf_make_md5_digest (struct ospf_interface *oi, struct ospf_packet *op)
 
   /* Get MD5 Authentication key from auth_key list. */
   if (list_isempty (OSPF_IF_PARAM (oi, auth_crypt)))
-    auth_key = (const u_int8_t *) "";
+    auth_key = (const u_int8_t *) digest;
   else
     {
       ck = listgetdata (listtail(OSPF_IF_PARAM (oi, auth_crypt)));