Fixed buffer overflow in Utils::Md5::hexdigest()

defanator · zimmerle · commit ae020763402c · 2019-01-14T16:29:07.000-03:00
Found via failed test (auditlog.json) on Alpine Linux 3.8.2.
diff --git a/src/utils/md5.cc b/src/utils/md5.cc
@@ -13,7 +13,7 @@ std::string Md5::hexdigest(std::string& input) {
     mbedtls_md5(reinterpret_cast<const unsigned char *>(input.c_str()),
         input.size(), digest);
 
-    char buf[32];
+    char buf[33];
     for (int i = 0; i < 16; i++) {
         sprintf(buf+i*2, "%02x", digest[i]);
     }

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ std::string Md5::hexdigest(std::string& input) {`
`13`	`13`	`mbedtls_md5(reinterpret_cast<const unsigned char *>(input.c_str()),`
`14`	`14`	`input.size(), digest);`
`15`	`15`
`16`		`- char buf[32];`
	`16`	`+ char buf[33];`
`17`	`17`	`for (int i = 0; i < 16; i++) {`
`18`	`18`	`sprintf(buf+i*2, "%02x", digest[i]);`
`19`	`19`	`}`