From: Olivier Houchard <ohouchard@haproxy.com>
Date: Sat, 6 Sep 2025 12:18:18 +0000 (+0200)
Subject: BUG/MEDIUM: ssl: Properly initialize msg_controllen.
X-Git-Tag: v3.3-dev9~203
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b3e685ac3d6f49fd323cb4562564082e1b07ecc1;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: ssl: Properly initialize msg_controllen.

When kTLS is compiled in, make sure msg_controllen is initialized to 0.
If we're not actually kTLS, then it won't be set, but we'll check that
it is non-zero later to check if we ancillary data.
This does not need to be backported.
This should fix CID 1620865, as reported in github issue #3106.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 5e7865e52..f16b4e7c0 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -344,7 +344,7 @@ static int ha_ssl_read(BIO *h, char *buf, int size)
 		struct cmsghdr hdr;
 		char buf[CMSG_SPACE(sizeof(unsigned char))];
 	} cmsgbuf;
-	size_t msg_controllen;
+	size_t msg_controllen = 0;
 #endif
 #endif
 	struct buffer tmpbuf;