Hi,

We are using Sentry (a C/C++ static analysis tool) to analyze openssl on a nightly basis. Sentry found that an uninitialized variable usage was recently introduced in the commit 1.168.
You can see the commit here:
http://cvs.openssl.org/filediff?f=openssl/ssl/s3_clnt.c&v1=1.167&v2=1.168

The important lines are:

    #ifndef OPENSSL_NO_DH
        else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
            {
            DH *dh_srvr,*dh_clnt;              <- dh_clnt declared uninitialized
            SESS_CERT *scert = s->session->sess_cert;

            if (scert == NULL) {...}

            if (scert->peer_dh_tmp != NULL)    <- Take true path
                dh_srvr=scert->peer_dh_tmp;
            else {... }

            if (s->s3->flags & ...)            <- Take true path
                {
                EVP_PKEY *clkey = s->cert->key->privatekey;
                if (clkey)                     <- Take false path
                    dh_clnt = EVP_PKEY_get1_DH(clkey);
                if (dh_clnt == NULL)           <- Uninitialized variable dh_clnt used
                }

A possible solution to this problem would be to assign val to 0 on initialization. I suspect you'll have to look more closely at the code in question to determine this.

Thanks,
Chris

--
Chris Wilson
http://vigilantsw.com/
Vigilant Software, LLC
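
The control flow reported above, reduced to a self-contained C model (an added example, not code from the original message or from OpenSSL). DH_MODEL, PKEY_MODEL, model_get1_dh and the error codes are hypothetical stand-ins, and the hardened variant assumes that NULL-initializing the flagged pointer is the intended remedy.

```c
#include <stddef.h>

/* Stand-in types (hypothetical, not OpenSSL's), enough to model the flow. */
typedef struct { int id; } DH_MODEL;
typedef struct { DH_MODEL *dh; } PKEY_MODEL;
enum { DH_OK = 0, DH_ERR_NO_CLIENT_KEY = -1 };

/* Models EVP_PKEY_get1_DH(): the DH key held by pkey, or NULL if none. */
static DH_MODEL *model_get1_dh(PKEY_MODEL *pkey) { return pkey->dh; }

#ifdef SHOW_REPORTED_PATTERN
/* Flagged shape: dh_clnt is assigned only when clkey != NULL but is
 * tested on every path. With clkey == NULL the test reads an
 * indeterminate pointer, so the error return may be skipped. Kept out
 * of the default build because that call is undefined behaviour. */
int client_dh_as_reported(PKEY_MODEL *clkey, DH_MODEL **out)
{
    DH_MODEL *dh_clnt;                  /* no initializer */
    if (clkey)
        dh_clnt = model_get1_dh(clkey);
    if (dh_clnt == NULL)                /* indeterminate if clkey == NULL */
        return DH_ERR_NO_CLIENT_KEY;
    *out = dh_clnt;
    return DH_OK;
}
#endif

/* Hardened shape: the pointer has a defined value on every path, so a
 * missing private key always reaches the error return. */
int client_dh_fixed(PKEY_MODEL *clkey, DH_MODEL **out)
{
    DH_MODEL *dh_clnt = NULL;           /* defined before any test */
    *out = NULL;                        /* caller never sees stale data */
    if (clkey)
        dh_clnt = model_get1_dh(clkey);
    if (dh_clnt == NULL)
        return DH_ERR_NO_CLIENT_KEY;
    *out = dh_clnt;
    return DH_OK;
}

int main(void)
{
    DH_MODEL dh = { 1 };                /* constructed sample key */
    PKEY_MODEL with_key = { &dh };
    DH_MODEL *out;
    int missing = client_dh_fixed(NULL, &out);
    int present = client_dh_fixed(&with_key, &out);
    return !(missing == DH_ERR_NO_CLIENT_KEY && present == DH_OK);
}
```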
