Zero-fill IV by default.
authorRich Salz <rsalz@openssl.org>
Thu, 28 Jun 2018 22:13:54 +0000 (18:13 -0400)
committerRich Salz <rsalz@openssl.org>
Thu, 28 Jun 2018 23:47:12 +0000 (19:47 -0400)
Fixes uninitialized memory read reported by Nick Mathewson

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6603)
(cherry picked from commit 10c3c1c1ec41ce16e51b92bb18fab92d1a42b49c)

crypto/pem/pem_lib.c

index eb59050659a7a3ea54188fe4459552a441529d6f..4ccc676ed74e70dee0cfd85d7f8abc18d07826cc 100644 (file)
@@ -487,6 +487,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
     char **header_pp = &header;
 
     cipher->cipher = NULL;
+    memset(cipher->iv, 0, sizeof(cipher->iv));
     if ((header == NULL) || (*header == '\0') || (*header == '\n'))
         return (1);
     if (strncmp(header, "Proc-Type: ", 11) != 0) {