secondlife / viewer

🖥️ Second Life's official client
GNU Lesser General Public License v2.1

Possible error in llmd5 finalize function leaving sensitive information not zeroized? #2500

Open Hecklezz opened 2 months ago

Hecklezz commented 2 months ago

Description

Unless I'm mistaken, is line 219 in llmd5.cpp not supposed to be: memset (buffer, 0, sizeof(buffer)); or more preferably in modern C++: buffer = {};

Or is it intentional that only the first byte of the buffer is getting zeroized?
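The failure mode reported above, as an added example that is not part of the original issue and not the viewer's code: a finalize-time wipe whose length covers one byte, beside one that covers the whole array. `Md5State`, the 64-byte buffer size and all function names are hypothetical, and the `sizeof(*buffer)` length is an assumed way for such a bug to arise, since the page does not quote line 219.

```cpp
// Added illustration; Md5State and every function name here are hypothetical,
// not taken from llmd5.cpp.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

struct Md5State {
    std::uint8_t buffer[64];  // last, partially filled input block (assumed size)
};

// Writes through a volatile pointer cannot be dropped as dead stores, unlike a
// plain memset on an object that is never read again.
void secure_wipe(void* p, std::size_t n) {
    volatile std::uint8_t* v = static_cast<volatile std::uint8_t*>(p);
    while (n--) *v++ = 0;
}

// Assumed form of the bug: the length is the size of one element, so only
// buffer[0] is cleared.
void finalize_one_byte(Md5State& s) {
    std::memset(s.buffer, 0, sizeof(*s.buffer));  // sizeof(uint8_t) == 1
}

// Length taken from the array itself: all 64 bytes are cleared.
void finalize_full(Md5State& s) {
    secure_wipe(s.buffer, sizeof(s.buffer));
}

// Number of bytes that are still non-zero.
std::size_t residual_bytes(const Md5State& s) {
    std::size_t n = 0;
    for (std::uint8_t b : s.buffer) n += (b != 0);
    return n;
}

// Fill the buffer with constructed sample data, run the routine, count leftovers.
std::size_t leftover_after(void (*finalize)(Md5State&)) {
    Md5State s;
    std::memset(s.buffer, 0xA5, sizeof(s.buffer));  // constructed "secret" input
    finalize(s);
    return residual_bytes(s);
}

int main() {
    std::printf("one-byte wipe leaves %zu bytes\n", leftover_after(finalize_one_byte));
    std::printf("full wipe leaves %zu bytes\n", leftover_after(finalize_full));
    return 0;
}
```

A check like `leftover_after` works as a regression test for any digest or key-handling class that promises to clear its state.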

marchcat commented 2 months ago

For QA: there were code quality improvements made in #2507, which shouldn't affect any visible behavior.

Dan-Linden commented 1 month ago

Nothing to test. Moving this to Pending Release.

vladyslavasproductengine commented 1 month ago

Passed QA according to the Dan-Linden comment. The issue was investigated in the scope of https://github.com/secondlife/iqa/issues/356. The ticket is in Pending Release status and has not been changed.