--On Friday, January 11, 2013 6:19 AM +0000 mhardin@symas.com wrote:
Full_Name: Matthew Hardin
Version: 2.4.33+
OS: All
URL: ftp://ftp.openldap.org/incoming/sha2.c-diff.txt
Submission from: (NULL) (69.43.206.100)
contrib/slapd-modules/passwd/sha2/sha2.c uses a series of context buffers and zeros them out in several places using the following macro:
MEMSET_BZERO(context, sizeof(context))
The variable 'context' is a pointer to a context buffer, so sizeof will evaluate to the size of a pointer for the particular platform. As a result, the context buffer is only partially zeroed.
The correct invocation is:
MEMSET_BZERO(context, sizeof(*context))
which will zero out the complete context buffer.
The referenced diff details the changes to sha2.c that are necessary to correct this issue.
Note this also cleans up warnings reported by MacOS's clang compiler.
I, Matthew Hardin, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.
Can you resubmit the patch using git-format-patch? Or at least using unified diff format? ;)
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
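
An added example, not part of this thread and not code from sha2.c: it fills a context with a marker byte, wipes it with each of the two invocations quoted in the report, and counts the bytes left behind. The `demo_ctx` layout, the `ZERO_OBJ` guard macro and the `left_after` helper are hypothetical, and `MEMSET_BZERO` is defined here as a stand-in assumed to wrap memset.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the macro named in the report (assumed here to wrap memset). */
#define MEMSET_BZERO(p, l) memset((p), 0, (l))
/* Hypothetical guard: derives the length from the pointee, so no caller can pass the pointer size. */
#define ZERO_OBJ(ptr) MEMSET_BZERO((ptr), sizeof(*(ptr)))

/* Hypothetical context shaped like a SHA-256 state; not the layout used in sha2.c. */
typedef struct {
    uint32_t state[8];
    uint64_t bitcount;
    uint8_t  buffer[64];
} demo_ctx;

/* Count the bytes of the context that are still non-zero after a wipe. */
static size_t residue(const demo_ctx *context) {
    const unsigned char *p = (const unsigned char *)context;
    size_t n = 0;
    for (size_t i = 0; i < sizeof(*context); i++)
        n += (p[i] != 0);
    return n;
}

enum wipe { BUGGY, FIXED, GUARDED };

/* Simulate leftover hash state, wipe it the chosen way, report what survives. */
size_t left_after(enum wipe how) {
    demo_ctx c, *context = &c;
    memset(context, 0xA5, sizeof(*context));
    if (how == BUGGY)      MEMSET_BZERO(context, sizeof(context));  /* pointer size */
    else if (how == FIXED) MEMSET_BZERO(context, sizeof(*context)); /* struct size  */
    else                   ZERO_OBJ(context);
    return residue(context);
}

int main(void) {
    printf("context: %zu bytes, pointer: %zu bytes\n", sizeof(demo_ctx), sizeof(demo_ctx *));
    printf("left after sizeof(context):  %zu\n", left_after(BUGGY));
    printf("left after sizeof(*context): %zu\n", left_after(FIXED));
    printf("left after ZERO_OBJ:         %zu\n", left_after(GUARDED));
    return 0;
}
```

GCC and Clang flag the buggy line under `-Wsizeof-pointer-memaccess`, which is a cheap way to find any remaining instances in a tree.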