[openssl.org #1985] [patch] uninitialized value in a_time.c

Artem Chuprina via RT Thu, 09 Jul 2009 08:41:41 -0700

Uninitialized t.flags value in the ASN1_TIME_set_string function may lead
(and usually leads in ca subcommand on linux) to memory leaks.  Other
possible issues are unknown to me.  The following patch (against
OpenSSL_1_0_0-stable branch as of 2009.07.09) fixes the problem.


Index: crypto/asn1/a_time.c
===================================================================
RCS file: /cvs-openssl/openssl/crypto/asn1/a_time.c,v
retrieving revision 1.24.2.1
diff -u -r1.24.2.1 a_time.c
--- crypto/asn1/a_time.c        5 Apr 2009 11:54:33 -0000       1.24.2.1
+++ crypto/asn1/a_time.c        9 Jul 2009 15:12:45 -0000
@@ -180,6 +180,7 @@
 
        t.length = strlen(str);
        t.data = (unsigned char *)str;
+       t.flags = 0;
        
        t.type = V_ASN1_UTCTIME;
 

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]

[openssl.org #1985] [patch] uninitialized value in a_time.c

Reply via email to