From 37a830e729f56cfc7b893f321880ac52f1b35cdb Mon Sep 17 00:00:00 2001
From: Shane Lontis
Date: Sun, 25 Aug 2019 17:10:48 +1000
Subject: [PATCH] Fix Issue OSS-Fuzz: Branch on uninitialized memory (in ccm code).
This would also happen for aes-ccm. There was one branch path where it just returned 1 without setting *padlen, It now branches so that the value is set to 0.
Fixes #9691
Reviewed-by: Richard Levitte
Reviewed-by: Bernd Edlinger
(Merged from https://github.com/openssl/openssl/pull/9692)
---
 providers/common/ciphers/cipher_ccm.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/providers/common/ciphers/cipher_ccm.c b/providers/common/ciphers/cipher_ccm.c
index 980c815aa1..fcfef73197 100644
--- a/providers/common/ciphers/cipher_ccm.c
+++ b/providers/common/ciphers/cipher_ccm.c
@@ -349,7 +349,7 @@ static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
 /* EVP_*Final() doesn't return any data */
 if (in == NULL && out != NULL)
- return 1;
+ goto finish;
 if (!ctx->iv_set)
 goto err;
@@ -388,6 +388,7 @@ static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
 }
 }
 olen = len;
+finish:
 rv = 1;
 err:
 *padlen = olen;
--
2.25.1
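Review bot: The new `goto finish;` in the `in == NULL && out != NULL` branch reaches `*padlen = olen;` without assigning `olen` anywhere on that path, so the fix is only correct if `olen` is initialised to 0 at its declaration. That declaration is outside the hunk; the commit message implies the value is 0, but this should be confirmed against the full function. To make the dependency visible, the comment could be extended to `/* EVP_*Final() doesn't return any data: olen stays 0 and is stored in *padlen at finish */`. ccm_cipher_internal begins and ends outside this hunk.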
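Review bot: The `finish:` label falls through into `err:`, so success and failure exits share the single `*padlen = olen;` store, and nothing in the hunk documents that every exit must pass through it. A comment above the label such as `/* success exit: falls through to err so *padlen is always written */` would discourage a later edit from adding another bare `return` that skips the store. Any direct `return` remaining in the parts of the function outside these hunks would leave `*padlen` unwritten in the same way and is worth checking. The function's start and its final return are outside the hunk.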