| commit | e06f172bf22c098719d0d9b970f839b39dcd41ce | [log] [tgz] |
|---|---|---|
| author | Bob Beck <bbe@google.com> | Thu Mar 02 09:02:54 2023 -0700 |
| committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | Thu Mar 02 17:10:21 2023 +0000 |
| tree | 7923937e5bd026d3dc43b0b07dbcd0168b592083 | |
| parent | 76cb7c5eb726e7637ed4c627ac27dacbd6250584 [diff] |
Fix use of unitialized cbb on failure case. This made fido2's fuzzer angry: https://buganizer.corp.google.com/issues/271220905 Change-Id: Ib1b909be10f230df2daea3942f35cba0a81dcedb Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/57765 Commit-Queue: Bob Beck <bbe@google.com> Commit-Queue: David Benjamin <davidben@google.com> Auto-Submit: Bob Beck <bbe@google.com> Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index 80cfac4..85a7b98 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c
@@ -222,6 +222,8 @@ } } + CBB cbb; + CBB_zero(&cbb); // If both the same type just copy across if (inform == outform) { if (!ASN1_STRING_set(dest, in, len)) { @@ -231,8 +233,6 @@ *out = dest; return str_type; } - - CBB cbb; if (!CBB_init(&cbb, size_estimate + 1)) { goto err; }