Fix an uninitialised read in conf_def.c
authorMatt Caswell <matt@openssl.org>
Tue, 12 Nov 2019 17:16:14 +0000 (17:16 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 14 Nov 2019 10:42:45 +0000 (10:42 +0000)
PR 8882 added a new field to the CONF structure. Unfortunately this
structure was created using OPENSSL_malloc() and the new field was not
explicitly initialised in the "init" function. Therefore when we came to
read it for the first time we got an uninitialised read.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10428)

crypto/conf/conf_def.c

index 4114636..9718b73 100644 (file)
@@ -121,9 +121,9 @@ static int def_init_default(CONF *conf)
     if (conf == NULL)
         return 0;
 
+    memset(conf, 0, sizeof(*conf));
     conf->meth = &default_method;
     conf->meth_data = (void *)CONF_type_default;
-    conf->data = NULL;
 
     return 1;
 }
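Review bot: The added `memset(conf, 0, sizeof(*conf));` in def_init_default carries an ordering requirement that nothing in the function records: it must stay ahead of every field assignment, and any CONF field that ever needs a non-zero default has to be set after it. I would put a comment on that line, e.g. `/* Zero the whole CONF so fields added later never start uninitialised; set non-default fields below this line. */`, and the same on the identical line in def_init_WIN32 in the next hunk. The zeroing also relies on all-bits-zero being an acceptable initial state for every member (NULL for the pointers), which is what now stands in for the removed `conf->data = NULL;`. Both functions open above their hunks (only the signature in the `@@` header is visible), so this assumes nothing ahead of the NULL check touches conf. Running the configuration tests under a memory-checking build (MemorySanitizer or Valgrind) would catch a recurrence if a CONF is ever created without going through these init functions.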
@@ -134,9 +134,9 @@ static int def_init_WIN32(CONF *conf)
     if (conf == NULL)
         return 0;
 
+    memset(conf, 0, sizeof(*conf));
     conf->meth = &WIN32_method;
     conf->meth_data = (void *)CONF_type_win32;
-    conf->data = NULL;
 
     return 1;
 }