On 03/05/17 22:15, Steffan Karger wrote:
>> + switch (opt->verify_hash_algo)
>> + {
>> + case MD_SHA1:
>> + ca_hash = x509_get_sha1_fingerprint(cert, &gc);
>> + break;
>> +
>> + case MD_SHA256:
>> + ca_hash = x509_get_sha256_fingerprint(cert, &gc);
>> + break;
>> + }
> This switch should have a default: case that fails, otherwise we might
> be reading from uninitialized memory. And you might want to consider
> initializing ca_hash to "{ 0 }". (But you still need to default: case,
> otherwise you'll be doing a 0-length memcmp()).*grmbl* I was sure the enumerated type would make the compiler complain, but I must have mixed this with some C++ stuff I read not too long ago. But my stupid test allows assigning an enumerated type to any invalid value as well. I'll double check again tomorrow (when head and mind is fresh) and submit a v2. -- kind regards, David Sommerseth OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
