From: Frank Lichtenheld <frank@lichtenheld.com>
Date: Tue, 10 Jan 2023 13:19:47 +0000 (+0100)
Subject: xkey_pkcs11h_sign: fix dangling pointer
X-Git-Tag: v2.6_rc2~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=71f3a109f9f73f0d978f58e08caed896c064767f;p=thirdparty%2Fopenvpn.git

xkey_pkcs11h_sign: fix dangling pointer

Warning by GCC 12:
pkcs11_openssl.c:237:22: warning:
dangling pointer ‘tbs’ to ‘enc’ may be used [-Wdangling-pointer=]

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <20230110131947.59552-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25942.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 202b34da386c8574692111bad23814602d0e09f5)
---

diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c
index 71347d315..5c1de44e1 100644
--- a/src/openvpn/pkcs11_openssl.c
+++ b/src/openvpn/pkcs11_openssl.c
@@ -169,6 +169,9 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig,
     unsigned char buf[EVP_MAX_MD_SIZE];
     size_t buflen;
 
+    unsigned char enc[EVP_MAX_MD_SIZE + 32]; /* 32 bytes enough for DigestInfo header */
+    size_t enc_len = sizeof(enc);
+
     if (!strcmp(sigalg.op, "DigestSign"))
     {
         msg(D_XKEY, "xkey_pkcs11h_sign: computing digest");
@@ -214,9 +217,6 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig,
         {
             /* CMA_RSA_PKCS needs pkcs1 encoded digest */
 
-            unsigned char enc[EVP_MAX_MD_SIZE + 32]; /* 32 bytes enough for DigestInfo header */
-            size_t enc_len = sizeof(enc);
-
             if (!encode_pkcs1(enc, &enc_len, sigalg.mdname, tbs, tbslen))
             {
                 return 0;