From c15faa8d5c00445b0a6316b751a7e9c770b73252 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 12 Nov 2019 17:16:14 +0000 Subject: [PATCH] Fix an uninitialised read in conf_def.c PR 8882 added a new field to the CONF structure. Unfortunately this structure was created using OPENSSL_malloc() and the new field was not explicitly initialised in the "init" function. Therefore when we came to read it for the first time we got an uninitialised read. Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/10428) --- crypto/conf/conf_def.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 4114636151..9718b73a18 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -121,9 +121,9 @@ static int def_init_default(CONF *conf) if (conf == NULL) return 0; + memset(conf, 0, sizeof(*conf)); conf->meth = &default_method; conf->meth_data = (void *)CONF_type_default; - conf->data = NULL; return 1; } @@ -134,9 +134,9 @@ static int def_init_WIN32(CONF *conf) if (conf == NULL) return 0; + memset(conf, 0, sizeof(*conf)); conf->meth = &WIN32_method; conf->meth_data = (void *)CONF_type_win32; - conf->data = NULL; return 1; } -- 2.25.1