package/libs/libcgi/patches/002-fix_md5_bug.patch

--- ../libcgi-1.0-last/libcgi-1.0/src/md5.c	2014-10-28 15:16:27.000000000 +0800
+++ libcgi-1.0/src/md5.c	2015-05-20 15:36:47.000000000 +0800
@@ -65,17 +65,18 @@
 **/
 char *md5(const char *str)
 {
-	char *tmp, buf[32];
+	char *tmp, buf[32] = { 0 };
 	int i, str_size;
 	unsigned char md[16];
 	MD5_CTX context;
 
 	// allocating a pointer to the string
 	str_size = strlen(str) + 1;
-	tmp = (char *)malloc(str_size);
+	tmp = (char *)malloc(32 + 1);
 	if (tmp == NULL)
 		libcgi_error(E_MEMORY, "%s, line %s", __FILE__, __LINE__);
 
+	memset(tmp, 0, 32 + 1);
 	// initializing a context that will content the encrypted string
 	MD5Init(&context);
 	MD5Update(&context, str, strlen(str));
@@ -85,12 +86,12 @@
 	
 	// here, the loop is less than 32 because a md5 string can content
 	// just 32 bytes
-	for(i = 0; i < 32; i++) {
+	for(i = 0; i <16; i++) {
 		snprintf(buf, sizeof(float), "%02x", md[i]);
 		strncat(tmp, buf, sizeof(float));
 	}
 
-	tmp[i] = '\0';
+	tmp[32] = '\0';
 
 	// returning a encrypted string
 	return tmp;