github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixed buffer overflow in Utils::Md5::hexdigest()

Browse Source 
Found via failed test (auditlog.json) on Alpine Linux 3.8.2.
This commit is contained in:
Andrei Belov 2019-01-14 09:04:45 +03:00 committed by Felipe Zimmerle
parent 3c1fba278c
commit ae02076340
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/utils/md5.cc
View File

@ -13,7 +13,7 @@ std::string Md5::hexdigest(std::string& input) {
mbedtls_md5(reinterpret_cast<const unsigned char *>(input.c_str()), mbedtls_md5(reinterpret_cast<const unsigned char *>(input.c_str()),
input.size(), digest); input.size(), digest);
char buf[32]; char buf[33];
for (int i = 0; i < 16; i++) { for (int i = 0; i < 16; i++) {
sprintf(buf+i*2, "%02x", digest[i]); sprintf(buf+i*2, "%02x", digest[i]);
} }