diff options
author | Daniel Stenberg <daniel@haxx.se> | 2015-06-18 14:20:31 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2015-06-18 14:20:31 +0200 |
commit | 26ddc536b0ab5fc62d6503c82c34dd3dbf112dc3 (patch) | |
tree | 8f2e6b5e9503077a788aff8c14665a2a5f7d6513 | |
parent | 0e7d76d6a87bbae77af0bf37bed4428748295a44 (diff) |
openssl: fix use of uninitialized buffer
Make sure that the error buffer is always initialized and simplify the
use of it to make the logic easier.
Bug: https://github.com/bagder/curl/issues/318
Reported-by: sneis
-rw-r--r-- | lib/vtls/openssl.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index e84193616..37d50cb60 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -2137,10 +2137,9 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex) else { /* untreated error */ unsigned long errdetail; - char error_buffer[256]; /* OpenSSL documents that this must be at least - 256 bytes long. */ + char error_buffer[256]=""; /* OpenSSL documents that this must be at + least 256 bytes long. */ CURLcode result; - const char *cert_problem = NULL; long lerr; connssl->connecting_state = ssl_connect_2; /* the connection failed, @@ -2172,9 +2171,10 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex) X509_verify_cert_error_string(lerr)); } else - cert_problem = "SSL certificate problem, verify that the CA cert is" - " OK."; - + /* strcpy() is fine here as long as the string fits within + error_buffer */ + strcpy(error_buffer, + "SSL certificate problem, check your CA cert"); break; default: result = CURLE_SSL_CONNECT_ERROR; @@ -2195,7 +2195,7 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex) } /* Could be a CERT problem */ - failf(data, "%s%s", cert_problem ? cert_problem : "", error_buffer); + failf(data, "%s", error_buffer); return result; } |