[openssl] master update

Matt Caswell matt at openssl.org
Thu Nov 14 10:49:59 UTC 2019


The branch master has been updated
       via  c15faa8d5c00445b0a6316b751a7e9c770b73252 (commit)
      from  b3b045f6b0d23cb44f632cab8231fff362f16742 (commit)


- Log -----------------------------------------------------------------
commit c15faa8d5c00445b0a6316b751a7e9c770b73252
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Nov 12 17:16:14 2019 +0000

    Fix an uninitialised read in conf_def.c
    
    PR 8882 added a new field to the CONF structure. Unfortunately this
    structure was created using OPENSSL_malloc() and the new field was not
    explicitly initialised in the "init" function. Therefore when we came to
    read it for the first time we got an uninitialised read.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/10428)

-----------------------------------------------------------------------

Summary of changes:
 crypto/conf/conf_def.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 4114636151..9718b73a18 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -121,9 +121,9 @@ static int def_init_default(CONF *conf)
     if (conf == NULL)
         return 0;
 
+    memset(conf, 0, sizeof(*conf));
     conf->meth = &default_method;
     conf->meth_data = (void *)CONF_type_default;
-    conf->data = NULL;
 
     return 1;
 }
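Review bot: The new memset() in def_init_default() carries no comment, and its position is load-bearing: it has to stay ahead of the conf->meth and conf->meth_data assignments or it will wipe them. A short comment saying that it zeroes every field, including ones added to CONF later, would stop a future edit from reordering it or going back to per-field initialisation, which is the pattern the commit message identifies as the cause of the uninitialised read. Removing conf->data = NULL is fine because the memset covers it, on the usual assumption that an all-zero-bits pointer is NULL on supported platforms.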
@@ -134,9 +134,9 @@ static int def_init_WIN32(CONF *conf)
     if (conf == NULL)
         return 0;
 
+    memset(conf, 0, sizeof(*conf));
     conf->meth = &WIN32_method;
     conf->meth_data = (void *)CONF_type_win32;
-    conf->data = NULL;
 
     return 1;
 }
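Review bot: def_init_WIN32() now repeats the same memset-then-assign sequence as def_init_default(), differing only in the method and meth_data values, so the zeroing step has to be remembered in each init function separately. Consider a small shared helper that takes the method pointer and meth_data, so any further init variant cannot omit the memset. It is also worth documenting that init now clears the whole structure rather than only conf->data, so calling it on a CONF that already holds loaded state drops every pointer in it without freeing.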

