Opened 2 years ago

Closed 2 years ago

#4491 closed task (fixed)

Create a patch for OpenSSL to fix valgrind uninitialized value errors

Reported by: Douglas R. Reno Owned by: lfs-book
Priority: normal Milestone: 9.0
Component: Book Version: SVN
Severity: normal Keywords:
Cc:

Description

While troubleshooting the cURL test suite on OpenSSL-1.1.1c, I discovered the following PR

https://github.com/openssl/openssl/pull/8606

We need to apply the commit in this to OpenSSL.

Change History (2)

comment:1 by Bruce Dubbs, 2 years ago

This can be fixed by a sed:

crypto/rand/rand_lib.c
@@ -235,8 +235,9 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
    struct {
        void * instance;
        int count;
-   } data = { NULL, 0 };
+   } data;

+   memset(&data, 0, sizeof(data));
    pool = rand_pool_new(0, min_len, max_len);
    if (pool == NULL)
        return 0;

==================

sed -i '/\} data/s/ =.*$/;\n    memset(\&data, 0, sizeof(data));/' \
  crypto/rand/rand_lib.c
Last edited 2 years ago by Bruce Dubbs (previous) (diff)

comment:2 by Bruce Dubbs, 2 years ago

Resolution: fixed
Status: newclosed

Fixed at revision 11627.

Note: See TracTickets for help on using tickets.