Bug in Magic Money minting found
qwerty-remailer at netcom.com
qwerty-remailer at netcom.com
Fri Feb 11 11:10:38 PST 1994
Here is code from near the end of mms_mint in s.c:
free(pc);
pgp_fix_mpi(&c->c);
f=fifo_file_create(fp);
fifo_put(MM_REGCOIN,f);
fifo_aput(pc->coinid,16,f);
pc is being freed but then used four lines later. This is why the
coinid field was being corrupted in the output coins.dat file. The
fix is to move the free to after the fifo_aput.
More information about the Testlist
mailing list