Hi Kevin,

On 2026-04-20T07:04:02+0800, Kevin J. McCarthy wrote:
> On Sun, Apr 19, 2026 at 08:24:01PM +0200, Alejandro Colomar via Mutt-dev
> wrote:
> > strfcpy() ensures it creates a string.  But that's not what we want.
> > Here, we just want raw bytes in the output.  It's only the input which
> > is a string (password).
> >
> > strncpy(3) is quite appropriate for this specific use.  It's a function
> > that takes a C string as input, and fills a fixed-size buffer with bytes
> > from it, zeroing the unused remainder part of the buffer.
> >
> > Because of this use of strncpy(3), we can remove the memset(3) calls.
> > They're now entirely redundant.  (The other branch fills the entire
> > buffer, so it was only meaningful in the branch we're touching.)
>
> It's early and my brain isn't fully awake.  But I believe this is incorrect.
> The other branch only fills to MD5_DIGEST_LEN.  Removing the memset() in
> that case, and copying the entire secret buffer, instead of secret_len,
> would break the algorithm.

Oh, I had misread and confused MD_DIGEST_LEN by MD5_BLOCK_LEN, and
thought there was only one size being used everywhere.

Yup; please discard my patch.  I'll have another look today.

Cheers,
Alex

>
> --
> Kevin J. McCarthy
> GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA

--
<https://www.alejandro-colomar.es>
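
The two branches discussed in this thread, as an added example that is not Mutt's code and not from either author: it assumes an HMAC-style key block of 64 bytes with a 16-byte digest (MD5's sizes), and `toy_digest`, `prepare_key_block`, `stale_tail` and `LONG_PASSWORD` are hypothetical names. It counts the bytes that stay non-zero in the block when the long-password branch runs with and without the preceding memset(3).

```c
#include <stdio.h>
#include <string.h>

#define BLOCK_LEN  64  /* MD5 block size in bytes */
#define DIGEST_LEN 16  /* MD5 digest size in bytes */

/* Constructed sample input: 70 characters, longer than one block. */
static const char LONG_PASSWORD[] = "0123456789012345678901234567890123456789"
                                    "012345678901234567890123456789";

/* Stand-in for MD5 (NOT a hash): writes exactly DIGEST_LEN non-zero bytes. */
static void toy_digest(const char *in, size_t len, unsigned char *out)
{
    for (size_t i = 0; i < DIGEST_LEN; i++)
        out[i] = 0x80;
    for (size_t i = 0; i < len; i++)
        out[i % DIGEST_LEN] ^= (unsigned char)(in[i] & 0x7f);
}

/* Hypothetical helper: build the fixed-size key block from a password string.
 * zero_first controls whether the block is cleared before the long branch. */
static void prepare_key_block(const char *pw, unsigned char *block, int zero_first)
{
    size_t len = strlen(pw);

    if (len > BLOCK_LEN) {
        if (zero_first)
            memset(block, 0, BLOCK_LEN);
        toy_digest(pw, len, block);  /* touches bytes 0..DIGEST_LEN-1 only */
    } else {
        /* Copies the string and zero-fills the rest; raw bytes, no terminator. */
        strncpy((char *)block, pw, BLOCK_LEN);
    }
}

/* Count non-zero bytes left in block[from..BLOCK_LEN) after preparation. */
static size_t stale_tail(const char *pw, size_t from, int zero_first)
{
    unsigned char block[BLOCK_LEN];
    size_t n = 0;

    memset(block, 0xAA, sizeof block);  /* simulate leftover stack contents */
    prepare_key_block(pw, block, zero_first);
    for (size_t i = from; i < BLOCK_LEN; i++)
        n += block[i] != 0;
    return n;
}

int main(void)
{
    printf("short, strncpy only:  %zu\n", stale_tail("hunter2", 7, 0));
    printf("long, with memset:    %zu\n", stale_tail(LONG_PASSWORD, DIGEST_LEN, 1));
    printf("long, memset removed: %zu\n", stale_tail(LONG_PASSWORD, DIGEST_LEN, 0));
    return 0;
}
```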
