Commit 9d7ec809 authored by Matt Caswell's avatar Matt Caswell
Browse files

Don't use an uninitialised variable in srp application 



The srp application created an uninitialised DB_ATTR object and then
passed it to the load_index function which attempted to read it. A
DB_ATTR object only contains a single field called "unique_subject".
AFAICT this attribute is unused in the SRP case, and therefore it would be
better to pass a NULL DB_ATTR to load_index (which handles that case
gracefully).

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 40a8643a

apps/srp.c

+1 −2
Original line number Diff line number Diff line
@@ -256,7 +256,6 @@ OPTIONS srp_options[] = { 
int srp_main(int argc, char **argv)

{

    CA_DB *db = NULL;

    DB_ATTR db_attr;

    CONF *conf = NULL;

    int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i;

    int doupdatedb = 0, mode = OPT_ERR;
@@ -401,7 +400,7 @@ int srp_main(int argc, char **argv) 
        BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",

                   srpvfile);



    db = load_index(srpvfile, &db_attr);

    db = load_index(srpvfile, NULL);

    if (db == NULL)

        goto end;