From: Selva Nair Date: Sun, 8 Sep 2024 22:42:20 +0000 (-0400) Subject: Initialize before use struct user_pass in ui_reader() X-Git-Tag: v2.7_alpha1~217 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=67124dcf317460609860a2ea7cb7a55ceed4a4ce;p=thirdparty%2Fopenvpn.git Initialize before use struct user_pass in ui_reader() This was missed in commit 3512e8d3ad Also add a comment to clarify how pem_password_callback is accessed in ui_reader(). Change-Id: I82835ff8e1e31e067efd81bfb6e8cd19ee004d9c Signed-off-by: Selva Nair Acked-by: Gert Doering Message-Id: <20240908224220.478684-1-selva.nair@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29114.html Signed-off-by: Gert Doering --- diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 05555a38f..0d845f4a2 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -776,7 +776,9 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name) #if defined(HAVE_OPENSSL_STORE_API) /** - * A wrapper for pem_password_callback for use with OpenSSL UI_METHOD. + * A wrapper for password callback for use with OpenSSL UI_METHOD. + * The callback is obtained using SSL_CTX_get_default_passwd_cb() + * which is set to pem_password_callback() in tls_ctx_set_options(). */ static int ui_reader(UI *ui, UI_STRING *uis) @@ -791,6 +793,7 @@ ui_reader(UI *ui, UI_STRING *uis) if (strstr(prompt, "PKCS#11")) { struct user_pass up; + CLEAR(up); get_user_pass(&up, NULL, "PKCS#11 token", GET_USER_PASS_MANAGEMENT|GET_USER_PASS_PASSWORD_ONLY); UI_set_result(ui, uis, up.password); purge_user_pass(&up, true);