"Philip von Melle" <philip.vonmelle@globetrotter.de> wrote in message
news:Xns982EBF07689CAphilipvonmelleglobe@207.105.83.66...
> The is a bug in TIdSASL_CRAM_MD5.pas leading to an access violation due to
> memory overwrite:
I was just looking at that code the other day. There is another bug in it,
I think. IdZeroMemory() expects a TIdBytes, but the TIdMemoryStream.Memory
property is not a TIdBytes under Win32. It is a raw Pointer instead, so the
code will not work correctly.
Rather than sizing the AKey stream and then trying to fill the memory
afterwards, a cross-platform soluation would be to leave the stream empty
and then write a filled TIdBytes into it. Indy already has functions
available for filling a TIdBytes with a specific byte, and for writing a
TIdBytes into a stream. For example:
SetLength(Buffer, 64);
FillBytes(Buffer, 64, 0);
WriteTIdBytesToStream(AKey, Buffer, 64);
Gambit
