Commit c1acef92 authored by Benjamin Kaduk

Fix uninitialized read in sigalg parsing code



The check for a duplicate value was reading one entry past
where it was supposed to, getting an uninitialized value.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5172)
parent 3e524bf2
+1 −1
@@ -1781,7 +1781,7 @@ static int sig_cb(const char *elem, int len, void *arg)

    /* Reject duplicates */
    for (i = 0; i < sarg->sigalgcnt - 1; i++) {
        if (sarg->sigalgs[i] == sarg->sigalgs[sarg->sigalgcnt]) {
        if (sarg->sigalgs[i] == sarg->sigalgs[sarg->sigalgcnt - 1]) {
            sarg->sigalgcnt--;
            return 0;
        }
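Review bot: the corrected comparison in the duplicate check writes the index of the newly parsed entry by hand as `sarg->sigalgs[sarg->sigalgcnt - 1]`, separately from the loop bound `i < sarg->sigalgcnt - 1`, so the two expressions can drift apart again in a later edit. Consider computing the new entry's index (or its value) once in a local before the loop and using it for both the bound and the comparison. It would also help to add a test that passes a list containing a repeated signature algorithm, so the rejection path (`sarg->sigalgcnt--; return 0;`) runs under a memory-checking build and an uninitialized read here is caught.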