Original bug ID: 5662
The caml_MD5Final function ends with the following line:
memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
The intent is to wipe the MD5 context (it contains a few bytes of the data being hashed). But since ctx is a pointer, this only wipes the first 4 or 8 bytes of the context.
memset(ctx, 0, sizeof ctx); / In case it's sensitive */
The text was updated successfully, but these errors were encountered: