[Openvpn-devel] Initialize before use struct user_pass in ui_reader()

Message ID 20240908224220.478684-1-selva.nair@gmail.com
State Accepted
Series [Openvpn-devel] Initialize before use struct user_pass in ui_reader()

Commit Message

Selva Nair Sept. 8, 2024, 10:42 p.m. UTC
From: Selva Nair <selva.nair@gmail.com>

This was missed in commit 3512e8d3ad.
Also add a comment to clarify how pem_password_callback is accessed
in ui_reader().

Change-Id: I82835ff8e1e31e067efd81bfb6e8cd19ee004d9c
Signed-off-by: Selva Nair <selva.nair@gmail.com>
---
 src/openvpn/ssl_openssl.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Comments

Gert Doering Sept. 9, 2024, 6:05 a.m. UTC | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

Thanks :-)  (not much to test here)

Your patch has been applied to the master branch.

commit 67124dcf317460609860a2ea7cb7a55ceed4a4ce
Author: Selva Nair
Date:   Sun Sep 8 18:42:20 2024 -0400

     Initialize before use struct user_pass in ui_reader()

     Signed-off-by: Selva Nair <selva.nair@gmail.com>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20240908224220.478684-1-selva.nair@gmail.com>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29114.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 05555a38..0d845f4a 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -776,7 +776,9 @@  tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name)
 
 #if defined(HAVE_OPENSSL_STORE_API)
 /**
- * A wrapper for pem_password_callback for use with OpenSSL UI_METHOD.
+ * A wrapper for password callback for use with OpenSSL UI_METHOD.
+ * The callback is obtained using SSL_CTX_get_default_passwd_cb()
+ * which is set to pem_password_callback() in tls_ctx_set_options().
  */
 static int
 ui_reader(UI *ui, UI_STRING *uis)
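Review bot: The rewritten doc comment above ui_reader() documents where the callback comes from, but not what the wrapper does when SSL_CTX_get_default_passwd_cb() has nothing to return, for example if ui_reader() is reached before tls_ctx_set_options() has installed pem_password_callback(). Since the comment now spells out that ordering dependency, it would help to state the expected behaviour in that case (fail the UI read, or treat it as a programming error) so a later reordering of context setup does not silently change how the password is obtained. Minor wording: "A wrapper for password callback" reads better as "A wrapper for the password callback".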
@@ -791,6 +793,7 @@  ui_reader(UI *ui, UI_STRING *uis)
         if (strstr(prompt, "PKCS#11"))
         {
             struct user_pass up;
+            CLEAR(up);
             get_user_pass(&up, NULL, "PKCS#11 token", GET_USER_PASS_MANAGEMENT|GET_USER_PASS_PASSWORD_ONLY);
             UI_set_result(ui, uis, up.password);
             purge_user_pass(&up, true);
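Review bot: The return value of get_user_pass() is still ignored in the PKCS#11 branch, so up.password goes to UI_set_result() whether or not the query succeeded. With CLEAR(up) in place a failed query now yields an empty string instead of uninitialized stack contents, which removes the undefined read, but that empty string is still submitted as the token PIN. Consider checking the result of get_user_pass() and having ui_reader() report failure without calling UI_set_result() when no password was obtained; the result of UI_set_result() is likewise unchecked on the same path. The purge_user_pass(&up, true) call should stay on every exit from the block so the PIN is wiped in the error case as well.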