From: Selva Nair <selva.nair@gmail.com>
Date: Tue, 9 May 2023 17:05:17 +0000 (-0400)
Subject: Bugfix: dangling pointer passed to pkcs11-helper
X-Git-Tag: v2.7_alpha1~472
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f4850745709c5b80ab7d09c03a86c5ceea6d10a2;p=thirdparty%2Fopenvpn.git

Bugfix: dangling pointer passed to pkcs11-helper

Github: Fixes OpenVPN/openvpn#323

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230509170517.2637245-1-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26640.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c
index eee86e17b..9b0ab39f9 100644
--- a/src/openvpn/pkcs11_openssl.c
+++ b/src/openvpn/pkcs11_openssl.c
@@ -165,6 +165,7 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig,
 {
     pkcs11h_certificate_t cert = handle;
     CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0}; /* default value */
+    CK_RSA_PKCS_PSS_PARAMS pss_params = {0};
 
     unsigned char buf[EVP_MAX_MD_SIZE];
     size_t buflen;
@@ -203,7 +204,6 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig,
         }
         else if (!strcmp(sigalg.padmode, "pss"))
         {
-            CK_RSA_PKCS_PSS_PARAMS pss_params = {0};
             mech.mechanism = CKM_RSA_PKCS_PSS;
 
             if (!set_pss_params(&pss_params, sigalg, cert))