From: Matt Caswell <matt@openssl.org>
Date: Fri, 29 Apr 2016 11:17:15 +0000 (+0100)
Subject: Don't use an uninitialised variable in srp application
X-Git-Tag: OpenSSL_1_1_0-pre6~988
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=9d7ec8090ec1f131825c1bd087969c2e88750385

Don't use an uninitialised variable in srp application

The srp application created an uninitialised DB_ATTR object and then
passed it to the load_index function which attempted to read it. A
DB_ATTR object only contains a single field called "unique_subject".
AFAICT this attribute is unused in the SRP case, and therefore it would be
better to pass a NULL DB_ATTR to load_index (which handles that case
gracefully).

Reviewed-by: Rich Salz <rsalz@openssl.org>
---

diff --git a/apps/srp.c b/apps/srp.c
index 1bf2ee299a..48ef85ded3 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -256,7 +256,6 @@ OPTIONS srp_options[] = {
 int srp_main(int argc, char **argv)
 {
     CA_DB *db = NULL;
-    DB_ATTR db_attr;
     CONF *conf = NULL;
     int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i;
     int doupdatedb = 0, mode = OPT_ERR;
@@ -401,7 +400,7 @@ int srp_main(int argc, char **argv)
         BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
                    srpvfile);
 
-    db = load_index(srpvfile, &db_attr);
+    db = load_index(srpvfile, NULL);
     if (db == NULL)
         goto end;