-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixed md5 buffer in LLMD5::finalize not being correctly zero-initialized #2507
Fixed md5 buffer in LLMD5::finalize not being correctly zero-initialized #2507
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice! Thank you!
Mac build fails with
so the buffer should be either initialized as
or, alternatively, we can use std::fill:
|
Whoops my bad, I really should have tested compiling first before blindly making that change and trusting intellisense that it said nothing was wrong and not remembering that C arrays are not assignable like that after they have already been defined. Should we stick with memset since a large portion of the rest of the codebase is still using memset, or should the code be changed to be more in line with modern C++ standards? |
While at it, can we maybe change the finalized member to a bool? Regarding memset. If this is down deemed security related and the buffer must be cleared, then memset_s or something like SecureZeroMemory needs to be employed. |
64d67aa
to
c3e4056
Compare
I went back to using regular memset. Doing some googling, supposedly MSVC does not even have memset_s implemented even if you set the define it wants, and SecureZeroMemory is windows specific so that isn't helpful either. I also went ahead and did a bit of a tidy-up of the llmd5 files so they weren't so outdated interms of code styling. |
c3e4056
to
208e4c4
Compare
208e4c4
to
5c1351c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks much better now.
Thank you for your efforts!
Fixes the error mentioned in my issue posted here-
#2500
Unless I am mistaken and it is intentional, the md5 buffer in the LLMD5::finalize function is being incorrectly zeroized and instead only the first byte is being zeroized.
Also went ahead and refactored the code so it more closely matches the styling of the rest of the codebase.