Fix possible uninitialized err variable in libskba der builder
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Jakuje
	Feb 12 2024, 10:08 AM

Description

We got a report about a usage of possible uninitialized variable in libksba. After revieving the report, this one sounds like a positive

"Error: UNINIT (CWE-457):
libksba-1.5.1/src/der-builder.c:552: var_decl: Declaring variable ""err"" without initializer.
libksba-1.5.1/src/der-builder.c:666: uninit_use: Using uninitialized value ""err"".

664| leave:
665| xfree (buffer);
666|-> return err;
667| }"

The variable err is used uninitialized when no error happens along the way if I do not miss something.

The fix is trivial, but attached here:

libksba-uninitializer-err.patch677 BDownload

Details

Version: master

Revisions and Commits

rK libksba
	rK75e94db38ccd der-builder: Fix possible uninitialized variable.

Related Objects

Mentioned In: T7009: Release Libksba 1.6.6

Event Timeline

Jakuje created this task.Feb 12 2024, 10:08 AM

• gniibe claimed this task.Feb 13 2024, 9:05 AM

• gniibe triaged this task as Normal priority.

Thank you, applied.

• gniibe added a commit: rK75e94db38ccd: der-builder: Fix possible uninitialized variable..Feb 14 2024, 7:13 AM

@Jakuje, you are right. This is a plain error and we should do a new release to avoid false errors.

• werner mentioned this in T7009: Release Libksba 1.6.6.Feb 23 2024, 9:57 AM

Fixed in libksba 1.6.6.