From 27e46ee688b68a3386b81874dd2881e50f8afb0e Mon Sep 17 00:00:00 2001
From: tb
Date: Sun, 21 Mar 2021 19:08:22 +0000
Subject: [PATCH] Fully initialize rrec in tls12_record_layer_open_record_protected

The CBC code path initializes rrec.padding_length in an indirect fashion and later makes use of it for copying the MAC. This is confusing some static analyzers as well as people investigating the whining. Avoid this confusion and add a bit of robustness by clearing the stack variable up front.

ok jsing
---
 lib/libssl/tls12_record_layer.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/libssl/tls12_record_layer.c b/lib/libssl/tls12_record_layer.c
index ee8552a9ca1..ba3c3dfb2bd 100644
--- a/lib/libssl/tls12_record_layer.c
+++ b/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_record_layer.c,v 1.23 2021/03/02 17:26:25 jsing Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.24 2021/03/21 19:08:22 tb Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing
 *
@@ -922,6 +922,7 @@ tls12_record_layer_open_record_protected_cipher(struct tls12_record_layer *rl,
 int ret = 0;

 memset(&cbb_mac, 0, sizeof(cbb_mac));
+ memset(&rrec, 0, sizeof(rrec));

 if (!tls12_record_protection_block_size(rl->read, &block_size))
 goto err;
--
2.20.1
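Review bot: The added `memset(&rrec, 0, sizeof(rrec));` in the second hunk carries no comment, so the reason for it lives only in the commit message and a later cleanup could drop it as a redundant clear. I would put a short comment above it, for example `/* rrec.padding_length is set indirectly on the CBC path and read when the MAC is copied; clear rrec so no field is ever read uninitialized. */`. The zero default is a safety net, not a validation result: since the commit message says padding_length feeds the MAC copy, the code after this hunk should still treat a failed padding or MAC check as fatal rather than rely on the cleared value. The function body begins and ends outside the hunk, so whether every path assigns padding_length before it is used cannot be confirmed from here.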