wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Zero-fill IV by default.

Browse source 
Fixes uninitialized memory read reported by Nick Mathewson

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6603)
This commit is contained in:
Rich Salz 2018-06-28 18:13:54 -04:00
parent 358ffa05cd
commit 10c3c1c1ec
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
crypto/pem/pem_lib.c
View file

@ -488,6 +488,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
char *dekinfostart, c;
cipher->cipher = NULL;
memset(cipher->iv, 0, sizeof(cipher->iv));
if ((header == NULL) || (*header == '\0') || (*header == '\n'))
return 1;