openssl: fix use of uninitialized buffer

Make sure that the error buffer is always initialized and simplify the
use of it to make the logic easier.

Bug: https://github.com/bagder/curl/issues/318
Reported-by: sneis
This commit is contained in:
Daniel Stenberg 2015-06-18 14:20:31 +02:00
parent 0e7d76d6a8
commit 26ddc536b0

View File

@ -2137,10 +2137,9 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
else {
/* untreated error */
unsigned long errdetail;
char error_buffer[256]; /* OpenSSL documents that this must be at least
256 bytes long. */
char error_buffer[256]=""; /* OpenSSL documents that this must be at
least 256 bytes long. */
CURLcode result;
const char *cert_problem = NULL;
long lerr;
connssl->connecting_state = ssl_connect_2; /* the connection failed,
@ -2172,9 +2171,10 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
X509_verify_cert_error_string(lerr));
}
else
cert_problem = "SSL certificate problem, verify that the CA cert is"
" OK.";
/* strcpy() is fine here as long as the string fits within
error_buffer */
strcpy(error_buffer,
"SSL certificate problem, check your CA cert");
break;
default:
result = CURLE_SSL_CONNECT_ERROR;
@ -2195,7 +2195,7 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
}
/* Could be a CERT problem */
failf(data, "%s%s", cert_problem ? cert_problem : "", error_buffer);
failf(data, "%s", error_buffer);
return result;
}