From daa4981e60c3130222a38d6ec3e653f87bc64612 Mon Sep 17 00:00:00 2001 From: Joakim Tjernlund Date: Thu, 26 Nov 2009 12:23:07 +0000 Subject: [PATCH] ospfd: invalid MD5 auth_key? This looks fishy in ospf_make_md5_digest() if (list_isempty (OSPF_IF_PARAM (oi, auth_crypt))) auth_key = (const u_int8_t *) ""; ... MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE); auth_key points to a "" string of len 1 which is a lot smaller that OSPF_AUTH_MD5_SIZE. Is this intentional to get some random data or just a plain bug? Anyone using MD5 should have a closer look and decide what to do. Acked-by: Feng Lu (cherry picked from commit ea2a598411cc7bd20456849e56bbc9e93c9916e7) --- ospfd/ospf_packet.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ospfd/ospf_packet.c b/ospfd/ospf_packet.c index f580444118..e4c74d705e 100644 --- a/ospfd/ospf_packet.c +++ b/ospfd/ospf_packet.c @@ -383,7 +383,7 @@ static int ospf_make_md5_digest (struct ospf_interface *oi, struct ospf_packet *op) { struct ospf_header *ospfh; - unsigned char digest[OSPF_AUTH_MD5_SIZE]; + unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0}; MD5_CTX ctx; void *ibuf; u_int32_t t; @@ -410,7 +410,7 @@ ospf_make_md5_digest (struct ospf_interface *oi, struct ospf_packet *op) /* Get MD5 Authentication key from auth_key list. */ if (list_isempty (OSPF_IF_PARAM (oi, auth_crypt))) - auth_key = (const u_int8_t *) ""; + auth_key = (const u_int8_t *) digest; else { ck = listgetdata (listtail(OSPF_IF_PARAM (oi, auth_crypt))); -- 2.39.5