From 26ddc536b0ab5fc62d6503c82c34dd3dbf112dc3 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 18 Jun 2015 14:20:31 +0200 Subject: [PATCH] openssl: fix use of uninitialized buffer Make sure that the error buffer is always initialized and simplify the use of it to make the logic easier. Bug: https://github.com/bagder/curl/issues/318 Reported-by: sneis --- lib/vtls/openssl.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index e841936169bef6..37d50cb602e0e7 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -2137,10 +2137,9 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex) else { /* untreated error */ unsigned long errdetail; - char error_buffer[256]; /* OpenSSL documents that this must be at least - 256 bytes long. */ + char error_buffer[256]=""; /* OpenSSL documents that this must be at + least 256 bytes long. */ CURLcode result; - const char *cert_problem = NULL; long lerr; connssl->connecting_state = ssl_connect_2; /* the connection failed, @@ -2172,9 +2171,10 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex) X509_verify_cert_error_string(lerr)); } else - cert_problem = "SSL certificate problem, verify that the CA cert is" - " OK."; - + /* strcpy() is fine here as long as the string fits within + error_buffer */ + strcpy(error_buffer, + "SSL certificate problem, check your CA cert"); break; default: result = CURLE_SSL_CONNECT_ERROR; @@ -2195,7 +2195,7 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex) } /* Could be a CERT problem */ - failf(data, "%s%s", cert_problem ? cert_problem : "", error_buffer); + failf(data, "%s", error_buffer); return result; }