openssl: fix use of uninitialized buffer
Make sure that the error buffer is always initialized and simplify the use of it to make the logic easier. Bug: https://github.com/bagder/curl/issues/318 Reported-by: sneis
parent
0e7d76d6a8
commit
26ddc536b0
@ -2137,10 +2137,9 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
|
||||
else {
|
||||
/* untreated error */
|
||||
unsigned long errdetail;
|
||||
char error_buffer[256]; /* OpenSSL documents that this must be at least
|
||||
256 bytes long. */
|
||||
char error_buffer[256]=""; /* OpenSSL documents that this must be at
|
||||
least 256 bytes long. */
|
||||
CURLcode result;
|
||||
const char *cert_problem = NULL;
|
||||
long lerr;
|
||||
|
||||
connssl->connecting_state = ssl_connect_2; /* the connection failed,
|
||||
@ -2172,9 +2171,10 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
|
||||
X509_verify_cert_error_string(lerr));
|
||||
}
|
||||
else
|
||||
cert_problem = "SSL certificate problem, verify that the CA cert is"
|
||||
" OK.";
|
||||
|
||||
/* strcpy() is fine here as long as the string fits within
|
||||
error_buffer */
|
||||
strcpy(error_buffer,
|
||||
"SSL certificate problem, check your CA cert");
|
||||
break;
|
||||
default:
|
||||
result = CURLE_SSL_CONNECT_ERROR;
|
||||
@ -2195,7 +2195,7 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
|
||||
}
|
||||
|
||||
/* Could be a CERT problem */
|
||||
failf(data, "%s%s", cert_problem ? cert_problem : "", error_buffer);
|
||||
failf(data, "%s", error_buffer);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
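Review bot: The `strcpy()` added in the second hunk is bounded only by the comment above it, so a later edit that lengthens the literal could overflow the 256-byte `error_buffer` with no compiler diagnostic. A size-checked copy removes that dependency at no cost: `snprintf(error_buffer, sizeof(error_buffer), "%s", "SSL certificate problem, check your CA cert");`. The `X509_verify_cert_error_string(lerr)` branch just above appears to format into the same buffer, though its call starts outside the hunk, so using the same bounded form would keep the two branches consistent. Separately, with the buffer now initialised to `""` and `cert_problem` gone, any path that reaches `failf(data, "%s", error_buffer)` without filling the buffer would report an empty message; the intermediate code is not shown here, so that is worth confirming. `ossl_connect_step2` begins outside these hunks.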