author | tb <> | 2021-03-21 19:08:22 +0000 |
---|---|---|
committer | tb <> | 2021-03-21 19:08:22 +0000 |
commit | eca136386e46c2c7850825330ee8c19374d1fe58 (patch) | |
tree | fdfd6c405225918efd31ae3812163a0b671e59e6 /src | |
parent | 8e8e017672bc63d9aced0d649c8f3ec9424192e5 (diff) | |
Fully initialize rrec in tls12_record_layer_open_record_protected
The CBC code path initializes rrec.padding_length in an indirect fashion
and later makes use of it for copying the MAC. This is confusing some
static analyzers as well as people investigating the whining. Avoid this
confusion and add a bit of robustness by clearing the stack variable up
front.
ok jsing
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/libssl/tls12_record_layer.c | 3 |
1 files changed, 2 insertions, 1 deletions
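--- a/src/lib/libssl/tls12_record_layer.c
+++ b/src/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_record_layer.c,v 1.23 2021/03/02 17:26:25 jsing Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.24 2021/03/21 19:08:22 tb Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
 *
@@ -922,6 +922,7 @@ tls12_record_layer_open_record_protected_cipher(struct tls12_record_layer *rl,
 int ret = 0;
 
 memset(&cbb_mac, 0, sizeof(cbb_mac));
+memset(&rrec, 0, sizeof(rrec));
 
 if (!tls12_record_protection_block_size(rl->read, &block_size))
 goto err;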
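Review bot: The added `memset(&rrec, 0, sizeof(rrec));` at new line 925 carries no comment, so the reason for it exists only in the commit message and a later cleanup could drop it as redundant. According to the description, `rrec.padding_length` is set only indirectly on the CBC path and is read later when the MAC is copied, so the zeroing is what keeps that length defined on every path. I would put a short comment above the call, for example `/* Clear rrec: padding_length is set indirectly by the CBC padding removal and read later when copying the MAC. */`. The body of tls12_record_layer_open_record_protected_cipher starts and ends outside this hunk, so the declaration of `rrec` and its later uses are not visible here.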