From: Richard Levitte <levitte@openssl.org>
Date: Sun, 8 Nov 2020 09:23:54 +0000 (+0100)
Subject: UI: Use OPENSSL_zalloc() in general_allocate_prompt()
X-Git-Tag: openssl-3.0.0-alpha9~157
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=457856f27a282a9f7ebb3a72eaedc81268f4c5bb;p=thirdparty%2Fopenssl.git

UI: Use OPENSSL_zalloc() in general_allocate_prompt()

This is to ensure that fields we don't set explicitly are always zero.

Fixes #13340

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13346)
---

diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
index 017afb7c07f..af6461fb150 100644
--- a/crypto/ui/ui_lib.c
+++ b/crypto/ui/ui_lib.c
@@ -106,7 +106,7 @@ static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt,
     } else if ((type == UIT_PROMPT || type == UIT_VERIFY
                 || type == UIT_BOOLEAN) && result_buf == NULL) {
         UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, UI_R_NO_RESULT_BUFFER);
-    } else if ((ret = OPENSSL_malloc(sizeof(*ret))) != NULL) {
+    } else if ((ret = OPENSSL_zalloc(sizeof(*ret))) != NULL) {
         ret->out_string = prompt;
         ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0;
         ret->input_flags = input_flags;