Hi,

On Thu, Feb 13, 2020 at 4:57 AM Lev Stipakov <lstipa...@gmail.com> wrote:
>
> From: Lev Stipakov <l...@openvpn.net>
>
> When using certificate without RSA_PKCS1_PSS_PADDING padding,
> "saltlen" is passed uninitialized to priv_enc_CNG(), which causes
>
> > Run-Time Check Failure #3 - The variable 'saltlen' is being used without
> being initialized.
>
> in VS debugger.
>
> Initialize saltlen (and other variable for the sake of consistence)
"consistency" > to avoid above failure. > > Signed-off-by: Lev Stipakov <l...@openvpn.net> > --- > src/openvpn/cryptoapi.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c > index 1bf74fcd..30eba7b2 100644 > --- a/src/openvpn/cryptoapi.c > +++ b/src/openvpn/cryptoapi.c > @@ -882,9 +882,9 @@ pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, > size_t *siglen, > EVP_MD *md = NULL; > const wchar_t *alg = NULL; > > - int padding; > - int hashlen; > - int saltlen; > + int padding = 0; > + int hashlen = 0; > + int saltlen = 0; > > pkey = EVP_PKEY_CTX_get0_pkey(ctx); > if (pkey) Yeah, technically it may be "undefined behaviour" to pass an uninitialized var to a function even when its not used there. Acked-by: Selva Nair <selva.n...@gmail.com> Selva _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel