Opened 5 years ago

Closed 5 years ago

#4491 closed task (fixed)

Create a patch for OpenSSL to fix valgrind uninitialized value errors

Reported by: Douglas R. Reno Owned by: lfs-book
Priority: normal Milestone: 9.0
Component: Book Version: SVN
Severity: normal Keywords:
Cc:

Description

While troubleshooting the cURL test suite on OpenSSL-1.1.1c, I discovered the following PR

https://github.com/openssl/openssl/pull/8606

We need to apply the commit in this to OpenSSL.

Change History (2)

comment:1 by Bruce Dubbs, 5 years ago

This can be fixed by a sed:

crypto/rand/rand_lib.c @@ -235,8 +235,9 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg,

struct {

void * instance; int count;

  • } data = { NULL, 0 };

+ } data;

+ memset(&data, 0, sizeof(data));

pool = rand_pool_new(0, min_len, max_len); if (pool == NULL)

return 0;

================== sed -i '/\} data/s/ =.*$/;\n memset(\&data, 0, sizeof(data));/' \

crypto/rand/rand_lib.c

Version 0, edited 5 years ago by Bruce Dubbs (next)

comment:2 by Bruce Dubbs, 5 years ago

Resolution: fixed
Status: newclosed

Fixed at revision 11627.

Note: See TracTickets for help on using tickets.