 |
|
 |
Newsgroups : Borland : borland.public.delphi.internet.winsock : 2006 Aug : Bug in TIdSASL_CRAM_MD5.pas
|
|
|
| Subject: | Bug in TIdSASL_CRAM_MD5.pas |
| Posted by: | "Philip von Melle" (philip.vonmel..@globetrotter.de) |
| Date: | 29 Aug 2006 09:46:43 |
The is a bug in TIdSASL_CRAM_MD5.pas leading to an access violation due to
memory overwrite:
In the class function TIdSASLCRAMMD5.BuildKeydMD5Auth() in line 163 the
following is called:
IdZeroMemory(AKey.Memory, AKey.Size)
This overwrites memory since not the pointer AKEy.Memory should be zeroed
out but the area of memmory it points to. However just writing AKey.Memory^
does not help because IdZeroMemory does not accept that as a parameter.
Regards, Philip
|
|
|
|