ospfd: invalid MD5 auth_key?

This looks fishy in ospf_make_md5_digest()
if (list_isempty (OSPF_IF_PARAM (oi, auth_crypt)))
    auth_key = (const u_int8_t *) "";
...
MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
auth_key points to a "" string of len 1 which is a lot
smaller that OSPF_AUTH_MD5_SIZE. Is this intentional to
get some random data or just a plain bug?

Anyone using MD5 should have a closer look and decide
what to do.

1 files changed, 2 insertions, 2 deletions

diff --git a/ospfd/ospf_packet.c b/ospfd/ospf_packet.c
index 1066e64f..78add552 100644
--- a/ospfd/ospf_packet.c
+++ b/ospfd/ospf_packet.c
@@ -324,7 +324,7 @@ static int
 ospf_make_md5_digest (struct ospf_interface *oi, struct ospf_packet *op)
 {
   struct ospf_header *ospfh;
-  unsigned char digest[OSPF_AUTH_MD5_SIZE];
+  unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0};
   MD5_CTX ctx;
   void *ibuf;
   u_int32_t t;
@@ -351,7 +351,7 @@ ospf_make_md5_digest (struct ospf_interface *oi, struct ospf_packet *op)
 
   /* Get MD5 Authentication key from auth_key list. */
   if (list_isempty (OSPF_IF_PARAM (oi, auth_crypt)))
-    auth_key = (const u_int8_t *) "";
+    auth_key = (const u_int8_t *) digest;
   else
     {
       ck = listgetdata (listtail(OSPF_IF_PARAM (oi, auth_crypt)));