[Issue 10225] New: tlso_session_pinning: will crash if digest/keyhash.bv_val is not properly initialized over the lifetime of the function

5 Jun 2024


      https://bugs.openldap.org/show_bug.cgi?id=10225
Issue ID: 10225
           Summary: tlso_session_pinning: will crash if
                    digest/keyhash.bv_val is not properly initialized over
                    the lifetime of the function
           Product: OpenLDAP
           Version: 2.6.7
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: libraries
          Assignee: bugs@openldap.org
          Reporter: yaneurabeya@gmail.com
  Target Milestone: ---
tlso_session_pinning(..) does not initialize the `digest` stack memory before
referring to it later on in the function. This can result in a library crash if
(for whatever reason) keyhash.bv_val fails to initialize properly on line 1191
[1].
This issue kind of goes hand in hand with bug 10224.
1.
https://github.com/openldap/openldap/blob/15edb3b30f2b6a3dbdf77cc42d39466d5f...
-- 
You are receiving this mail because:
You are on the CC list for the issue.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[Issue 10225] New: tlso_session_pinning: will crash if digest/keyhash.bv_val is not properly initialized over the lifetime of the function