[OPEN-ILS-DEV] PATCH: sha.c (buffer overflow)

[Mike Rylander]

On 8/5/07, Scott McKellar <mck9 at swbell.net> wrote:
> In sha.c, the static buffer named "final" is one byte too small.  As a
> result, when we fill it, we place a terminal nul one byte past the end
> of the buffer.  The results may range from the harmless to the
> catastrophic, depending on what that byte is used for, if anything.
>
> This patch embiggens the buffer by one.

Thanks, Scott.  It's applied now.  And thanks for contacting the
original author!

-- 
Mike Rylander
Equinox Software, Inc
miker at esilibrary.com
http://esilibrary.com/