ASR_BASE
Change-Id: Icf3719cc0afe3eeb3edc7fa80a2eb5199ca9dda1
diff --git a/package/libs/libcgi/patches/002-fix_md5_bug.patch b/package/libs/libcgi/patches/002-fix_md5_bug.patch
new file mode 100644
index 0000000..94e0466
--- /dev/null
+++ b/package/libs/libcgi/patches/002-fix_md5_bug.patch
@@ -0,0 +1,38 @@
+--- ../libcgi-1.0-last/libcgi-1.0/src/md5.c 2014-10-28 15:16:27.000000000 +0800
++++ libcgi-1.0/src/md5.c 2015-05-20 15:36:47.000000000 +0800
+@@ -65,17 +65,18 @@
+ **/
+ char *md5(const char *str)
+ {
+- char *tmp, buf[32];
++ char *tmp, buf[32] = { 0 };
+ int i, str_size;
+ unsigned char md[16];
+ MD5_CTX context;
+
+ // allocating a pointer to the string
+ str_size = strlen(str) + 1;
+- tmp = (char *)malloc(str_size);
++ tmp = (char *)malloc(32 + 1);
+ if (tmp == NULL)
+ libcgi_error(E_MEMORY, "%s, line %s", __FILE__, __LINE__);
+
++ memset(tmp, 0, 32 + 1);
+ // initializing a context that will content the encrypted string
+ MD5Init(&context);
+ MD5Update(&context, str, strlen(str));
+@@ -85,12 +86,12 @@
+
+ // here, the loop is less than 32 because a md5 string can content
+ // just 32 bytes
+- for(i = 0; i < 32; i++) {
++ for(i = 0; i <16; i++) {
+ snprintf(buf, sizeof(float), "%02x", md[i]);
+ strncat(tmp, buf, sizeof(float));
+ }
+
+- tmp[i] = '\0';
++ tmp[32] = '\0';
+
+ // returning a encrypted string
+ return tmp;