Commit 84f03b3af0b8a4e2aa38ab106a17dff183b2c977

Patrick Steinhardt 2018-02-16T10:48:55

streams: openssl: fix use of uninitialized variable

When verifying the server certificate, we do try to make sure that the hostname actually matches the certificate alternative names. In cases where the host is either an IPv4 or IPv6 address, we have to compare the binary representations of the hostname with the declared IP address of the certificate. We only do that comparison in case we were successfully able to parse the hostname as an IP, which would always result in the memory region being initialized. Still, GCC 6.4.0 was complaining about usage of non-initialized memory.

Fix the issue by simply asserting that `addr` needs to be initialized. This shuts up the GCC warning.

diff --git a/src/streams/openssl.c b/src/streams/openssl.c
index d00e98e..9cbb274 100644
--- a/src/streams/openssl.c
+++ b/src/streams/openssl.c
@@ -344,7 +344,7 @@ static int verify_server_cert(SSL *ssl, const char *host)
 	GENERAL_NAMES *alts;
 	struct in6_addr addr6;
 	struct in_addr addr4;
-	void *addr;
+	void *addr = NULL;
 	int i = -1, j, error = 0;
 
 	if (SSL_get_verify_result(ssl) != X509_V_OK) {
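
Review bot: The new `void *addr = NULL;` initializer carries an undocumented invariant: `addr` stays NULL whenever `host` does not parse as an IP literal, and it is meant to be read only on the `type == GEN_IPADD` path. A one-line comment at the declaration saying so would keep a later reader from treating the NULL as a usable default or from removing the guard added further down.
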
@@ -357,7 +357,7 @@ static int verify_server_cert(SSL *ssl, const char *host)
 		type = GEN_IPADD;
 		addr = &addr4;
 	} else {
-		if(p_inet_pton(AF_INET6, host, &addr6)) {
+		if (p_inet_pton(AF_INET6, host, &addr6)) {
 			type = GEN_IPADD;
 			addr = &addr6;
 		}
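
Review bot: The `if(` to `if (` change on the `p_inet_pton(AF_INET6, host, &addr6)` line is whitespace only and unrelated to the warning fix the commit message describes. Consider moving it to a separate style commit so this fix stays minimal for blame and backporting.
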
@@ -397,7 +397,7 @@ static int verify_server_cert(SSL *ssl, const char *host)
 					matched = 1;
 			} else if (type == GEN_IPADD) {
 				/* Here name isn't so much a name but a binary representation of the IP */
-				matched = !!memcmp(name, addr, namelen);
+				matched = addr && !!memcmp(name, addr, namelen);
 			}
 		}
 	}
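
Review bot: On the `matched = addr && !!memcmp(name, addr, namelen);` line the comparison is inverted: `memcmp` returns 0 when the buffers are equal, so `!!memcmp(...)` yields 1 when the certificate's IP bytes differ from the host's and 0 when they are identical. Since the line is being touched anyway, suggest `matched = addr && !memcmp(name, addr, namelen);`. Separately, nothing in the visible lines ties `namelen` to the size of the buffer `addr` points at (`addr4` or `addr6`), so it is worth confirming a length check precedes the comparison. Note also that the commit message speaks of asserting that `addr` is initialized, while the code silently evaluates to no match when it is NULL; one of the two should be adjusted so they agree.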