Hi,
On Thu, Feb 13, 2020 at 4:57 AM Lev Stipakov wrote:
>
> From: Lev Stipakov
>
> When using certificate without RSA_PKCS1_PSS_PADDING padding,
> "saltlen" is passed uninitialized to priv_enc_CNG(), which causes
>
> > Run-Time Check Failure #3 - The variable 'saltlen' is being used without
> being initialized.
>
> in VS debugger.
>
> Initialize saltlen (and other variable for the sake of consistence) to zero
"consistency"
> to avoid above failure.
>
> Signed-off-by: Lev Stipakov
> ---
> src/openvpn/cryptoapi.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
> index 1bf74fcd..30eba7b2 100644
> --- a/src/openvpn/cryptoapi.c
> +++ b/src/openvpn/cryptoapi.c
> @@ -882,9 +882,9 @@ pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
> size_t *siglen,
> EVP_MD *md = NULL;
> const wchar_t *alg = NULL;
>
> -int padding;
> -int hashlen;
> -int saltlen;
> +int padding = 0;
> +int hashlen = 0;
> +int saltlen = 0;
>
> pkey = EVP_PKEY_CTX_get0_pkey(ctx);
> if (pkey)
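Review bot: On the three initializers in pkey_rsa_sign(), only saltlen is reported as reaching priv_enc_CNG() unset, so zero-initializing padding and hashlen as well will also silence the compiler and run-time checks on any later path that really does forget to set them. Consider limiting the change to `int saltlen = 0;` with a one-line comment that the value is ignored unless the padding is RSA_PKCS1_PSS_PADDING, or, if all three stay, say in the comment that 0 is a placeholder and not a meaningful default for padding or hashlen.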
Yeah, technically it may be "undefined behaviour" to pass an
uninitialized var to a function even when it's not used there.
Acked-by: Selva Nair
Selva