From 3f79695be9e4628d246740bcd36c627daab676ca Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 7 Feb 2025 23:34:49 +0100 Subject: [PATCH] openssl: fix out of scope variables in goto Some of the 'goto fail' situations could happen without having initialized the local variables referenced in the error code flow. Reported-by: Marcel Raad Fixes #16246 Closes #16251 --- lib/vtls/openssl.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index b94cf847e4..68825ab94c 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -1296,7 +1296,9 @@ int cert_stuff(struct Curl_easy *data, if(cert_file || cert_blob || (file_type == SSL_FILETYPE_ENGINE) || (file_type == SSL_FILETYPE_PROVIDER)) { SSL *ssl; - X509 *x509; + X509 *x509 = NULL; + EVP_PKEY *pri = NULL; + STACK_OF(X509) *ca = NULL; int cert_done = 0; int cert_use_result; @@ -1485,8 +1487,6 @@ int cert_stuff(struct Curl_easy *data, { BIO *cert_bio = NULL; PKCS12 *p12 = NULL; - EVP_PKEY *pri; - STACK_OF(X509) *ca = NULL; if(cert_blob) { cert_bio = BIO_new_mem_buf(cert_blob->data, (int)(cert_blob->len)); if(!cert_bio) { @@ -1527,8 +1527,7 @@ int cert_stuff(struct Curl_easy *data, PKCS12_PBE_add(); - if(!PKCS12_parse(p12, key_passwd, &pri, &x509, - &ca)) { + if(!PKCS12_parse(p12, key_passwd, &pri, &x509, &ca)) { failf(data, "could not parse PKCS12 file, check password, " OSSL_PACKAGE " error %s", -- 2.47.3