d9a2c326d2ba8a01ca80ae8273a216494e697143
chinhli
  Tue Dec 3 15:37:27 2013 -0800
Per CR #12255 feedback:Add one more character and initialized all elements to zero
when declare the hmacStr array:

-char hmacStr[40];
+char hmacStr[41]="";

-char hmacStr[32];
+char hmacStr[33]="";

diff --git src/lib/hmac.c src/lib/hmac.c
index ab0b3ad..6680fd7 100644
--- src/lib/hmac.c
+++ src/lib/hmac.c
@@ -1,58 +1,58 @@
 /* Calculate an openssl keyed-hash message authentication code (HMAC) */
 // You may use other openssl hash engines. e.g EVP_md5(), EVP_sha224,
 // EVP_sha512, etc
 // Be careful of the length of string with the choosen hash engine.
 // SHA1 needed 20 characters, MD5 needed 16 characters.
 // Change the length accordingly with your choosen hash engine
 
 #ifdef USE_SSL 
 #include "openssl/hmac.h"
 #include "openssl/evp.h"
 #include "common.h"
 
 char *hmacSha1(char *key, char *data)
 /* Calculate a openssl SHA1 keyed-hash message authentication code (HMAC) */
 {
 unsigned char* digest;
 digest=HMAC(EVP_sha1(), key, strlen(key), (unsigned char*)data, strlen(data), NULL, NULL);
-char hmacStr[40];
+char hmacStr[41]="";
 int i;
 for(i = 0; i < 20; i++)
     sprintf(&hmacStr[i*2], "%02x", (unsigned int)digest[i]);
 return cloneString(hmacStr);
 }
 
 char *hmacMd5(char *key, char *data)
 /* Calculate a openssl MD5 keyed-hash message authentication code (HMAC) */
 {
 unsigned char* digest;
 digest=HMAC(EVP_md5(), key, strlen(key), (unsigned char*)data, strlen(data), NULL, NULL);
 //printf("Raw mdr digest: %s\n", digest);
-char hmacStr[32];
+char hmacStr[33]="";
 int i;
 for(i = 0; i < 16; i++)
     sprintf(&hmacStr[i*2], "%02x", (unsigned int)digest[i]);
 return cloneString(hmacStr);
 }
 
 #else // --------- no USE_SSL ==> errAbort with message that openssl is required --------------
 
 #include "common.h"
 #include "errabort.h"
 #define NEED_OPENSSL "kent/src must be recompiled with openssl libs and USE_SSL=1 in order for this to work."
 
 char *hmacSha1(char *key, char *data)
 /* This is just a warning that appears in the absence of USE_SSL. Real
  * implementation is above! */
 {
 errAbort(NEED_OPENSSL);
 }
 
 char *hmacMd5(char *key, char *data)
 /* This is just a warning that appears in the absence of USE_SSL. Real
  * implementation is above! */
 {
 errAbort(NEED_OPENSSL);
 }
 
 #endif