fix use of uninitialized memory

This commit is contained in:
Tomas Mraz 2019-05-30 11:55:39 +02:00
parent 31d61b19d5
commit 4784e45765
2 changed files with 18 additions and 1 deletions

View File

@ -65,3 +65,17 @@ diff -up openssl-1.1.1c/crypto/err/err.c.sync openssl-1.1.1c/crypto/err/err.c
}
}
if (str->string == NULL)
diff -up openssl-1.1.1c/crypto/rand/rand_lib.c.sync openssl-1.1.1c/crypto/rand/rand_lib.c
--- openssl-1.1.1c/crypto/rand/rand_lib.c.sync 2019-05-29 17:20:17.175099183 +0200
+++ openssl-1.1.1c/crypto/rand/rand_lib.c 2019-05-30 11:51:20.784850208 +0200
@@ -239,8 +239,9 @@ size_t rand_drbg_get_nonce(RAND_DRBG *dr
struct {
void * instance;
int count;
- } data = { NULL, 0 };
+ } data;
+ memset(&data, 0, sizeof(data));
pool = rand_pool_new(0, min_len, max_len);
if (pool == NULL)
return 0;

View File

@ -22,7 +22,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.1.1c
Release: 1%{?dist}
Release: 2%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@ -454,6 +454,9 @@ export LD_LIBRARY_PATH
%ldconfig_scriptlets libs
%changelog
* Thu May 30 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-2
- fix use of uninitialized memory
* Wed May 29 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-1
- update to the 1.1.1c release