Hi, On Tue, Jan 10, 2023 at 8:21 AM Frank Lichtenheld <fr...@lichtenheld.com> wrote:
> Warning by GCC 12: > pkcs11_openssl.c:237:22: warning: > dangling pointer ‘tbs’ to ‘enc’ may be used [-Wdangling-pointer=] > > Signed-off-by: Frank Lichtenheld <fr...@lichtenheld.com> > --- > src/openvpn/pkcs11_openssl.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c > index 60bc1c47..ecf37ba0 100644 > --- a/src/openvpn/pkcs11_openssl.c > +++ b/src/openvpn/pkcs11_openssl.c > @@ -169,6 +169,9 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, > unsigned char buf[EVP_MAX_MD_SIZE]; > size_t buflen; > > + unsigned char enc[EVP_MAX_MD_SIZE + 32]; /* 32 bytes enough for > DigestInfo header */ > + size_t enc_len = sizeof(enc); > + > if (!strcmp(sigalg.op, "DigestSign")) > { > msg(D_XKEY, "xkey_pkcs11h_sign: computing digest"); > @@ -214,9 +217,6 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, > { > /* CMA_RSA_PKCS needs pkcs1 encoded digest */ > > - unsigned char enc[EVP_MAX_MD_SIZE + 32]; /* 32 bytes enough > for DigestInfo header */ > - size_t enc_len = sizeof(enc); > - > if (!encode_pkcs1(enc, &enc_len, sigalg.mdname, tbs, tbslen)) > { > return 0; > I can't believe I wrote that nonsense in the first place. Fortunately similar code in xkey_management_sign() is okay. Hard to catch in tests as the pointer may still point to the right data after going out of scope (dangling). Acked-by: Selva Nair <selva.n...@gmail.com> Selva
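Review bot: In the first hunk, the moved declaration of enc keeps only the comment about the DigestInfo header size and does not say why the buffer now sits at function scope. Since the GCC warning quoted in the commit message is about tbs pointing to enc, add a short comment there that enc must outlive every later use of tbs, so that a future cleanup does not move it back into the block. The blank line separating it from buf and buflen could also go, so the locals form one declaration group.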
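The lifetime pattern discussed in this thread, as an added example that is not OpenVPN code: a pointer is conditionally redirected to an encoding buffer and read after the block, so the buffer has to live at function scope. The names `demo_encode_digestinfo`, `demo_prepare_tbs` and `DIGEST_MAX` are hypothetical, the `tbs = enc` assignment is an assumption inferred from the GCC warning (it is not shown in the patch), and only the SHA-256 DigestInfo prefix is handled.

```c
#include <stddef.h>
#include <string.h>

#define DIGEST_MAX 64   /* assumed stand-in for EVP_MAX_MD_SIZE */

/* DER DigestInfo prefix for SHA-256 (19 bytes); the 32-byte digest follows it */
static const unsigned char sha256_prefix[] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};

/* Hypothetical helper: writes prefix || digest into enc, updates *enc_len. */
static int
demo_encode_digestinfo(unsigned char *enc, size_t *enc_len,
                       const unsigned char *digest, size_t digest_len)
{
    size_t need = sizeof(sha256_prefix) + digest_len;
    if (digest_len != 32 || need > *enc_len) { return 0; }
    memcpy(enc, sha256_prefix, sizeof(sha256_prefix));
    memcpy(enc + sizeof(sha256_prefix), digest, digest_len);
    *enc_len = need;
    return 1;
}

/* Copies the bytes to be signed into out; returns their length, 0 on failure. */
size_t
demo_prepare_tbs(int need_pkcs1, const unsigned char *tbs, size_t tbslen,
                 unsigned char *out, size_t outlen)
{
    /* Function scope on purpose: enc must outlive every use of tbs below.
     * Declared inside the if-block instead, tbs would dangle after the
     * closing brace and the final memcpy would read a dead object. Such a
     * read often still sees the right bytes, so tests tend to pass. */
    unsigned char enc[DIGEST_MAX + 32];
    size_t enc_len = sizeof(enc);

    if (need_pkcs1)
    {
        if (!demo_encode_digestinfo(enc, &enc_len, tbs, tbslen)) { return 0; }
        tbs = enc;          /* tbs now aliases enc */
        tbslen = enc_len;
    }
    if (tbslen > outlen) { return 0; }
    memcpy(out, tbs, tbslen);   /* use after the block: needs enc alive */
    return tbslen;
}
```

Building the block-scoped variant with `-fsanitize=address` (whose use-after-scope check is on by default in current GCC and Clang) reports the stale read at run time even when the output bytes happen to be correct.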