Ensure that CBB is |CBB_zero|ed before possibly calling |CBB_cleanup|. Change-Id: Ic1f58f87c67104c8a51af59086a1bb1e5ccb0e5b Reviewed-on: https://boringssl-review.googlesource.com/13084 Reviewed-by: Adam Langley <alangley@gmail.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <alangley@gmail.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

commit: 2a25aae0f536c5ecd9bbd042051f60237eb762ab [log] [tgz]
author: Adam Langley <alangley@gmail.com> Tue Jan 10 16:42:25 2017 -0800
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Wed Jan 11 00:49:37 2017 +0000
tree: e5ced66263b2357b76fd1fd1703d10ba6060c150
parent: 4fae069c004b2bb48e018c522082224c0fc0b497 [diff]
diff --git a/crypto/pkcs8/p5_pbev2.c b/crypto/pkcs8/p5_pbev2.c
index e48191d..ae187ac 100644
--- a/crypto/pkcs8/p5_pbev2.c
+++ b/crypto/pkcs8/p5_pbev2.c

@@ -89,6 +89,9 @@
     return NULL;
   }
 
+  CBB cbb;
+  CBB_zero(&cbb);
+
   /* Generate a random PBKDF2 salt if necessary. This will be parsed back out of
    * the serialized |X509_ALGOR|. */
   X509_ALGOR *ret = NULL;
@@ -109,7 +112,7 @@
   }
 
   /* See RFC 2898, appendix A. */
-  CBB cbb, algorithm, param, kdf, kdf_param, salt_cbb, cipher_cbb, iv_cbb;
+  CBB algorithm, param, kdf, kdf_param, salt_cbb, cipher_cbb, iv_cbb;
   if (!CBB_init(&cbb, 16) ||
       !CBB_add_asn1(&cbb, &algorithm, CBS_ASN1_SEQUENCE) ||
       !OBJ_nid2cbb(&algorithm, NID_pbes2) ||
commit	2a25aae0f536c5ecd9bbd042051f60237eb762ab	[log] [tgz]
author	Adam Langley <alangley@gmail.com>	Tue Jan 10 16:42:25 2017 -0800
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Wed Jan 11 00:49:37 2017 +0000
tree	e5ced66263b2357b76fd1fd1703d10ba6060c150
parent	4fae069c004b2bb48e018c522082224c0fc0b497 [diff]