https://bugs.openldap.org/show_bug.cgi?id=10225
Issue ID: 10225
Summary: tlso_session_pinning: will crash if digest/keyhash.bv_val is not properly initialized over the lifetime of the function
Product: OpenLDAP
Version: 2.6.7
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs@openldap.org
Reporter: yaneurabeya@gmail.com
Target Milestone: ---
tlso_session_pinning(..) does not initialize the `digest` stack memory before referring to it later on in the function. This can result in a library crash if (for whatever reason) keyhash.bv_val fails to initialize properly on line 1191 [1].
This issue kind of goes hand in hand with bug 10224.
1. https://github.com/openldap/openldap/blob/15edb3b30f2b6a3dbdf77cc42d39466d5f...
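
The defect class described in this report, as an added illustration that is not OpenLDAP's code and not part of the original report: the stack digest buffer and the berval-style descriptor get defined values up front, and the function returns before the comparison if the digest step fails. `struct bv`, `toy_digest` and `pin_check` are hypothetical names, and `toy_digest` is a non-cryptographic stand-in for the real hash call.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a berval-style descriptor (length + pointer). */
struct bv { size_t bv_len; char *bv_val; };

#define DIGEST_MAX 64

/* Hypothetical digest step (NOT a real hash). Returns 0 on failure and
 * writes nothing to 'out' in that case, which is the situation at issue. */
static int toy_digest(const struct bv *in, unsigned char *out,
                      size_t *outlen, int fail)
{
    unsigned char acc = 0;
    size_t i;

    if (fail || in == NULL || in->bv_val == NULL)
        return 0;
    for (i = 0; i < in->bv_len; i++)
        acc ^= (unsigned char)in->bv_val[i];
    memset(out, acc, 8);
    *outlen = 8;
    return 1;
}

/* Returns 0 when the pin matches, -1 on mismatch or any failure. */
int pin_check(const struct bv *key, const struct bv *pin, int inject_failure)
{
    unsigned char digest[DIGEST_MAX] = {0}; /* defined contents from the start */
    struct bv keyhash = { 0, NULL };        /* never indeterminate */
    size_t len = 0;

    /* Fail closed: if hashing failed, never reach the comparison. */
    if (!toy_digest(key, digest, &len, inject_failure) || len > sizeof digest)
        return -1;
    keyhash.bv_val = (char *)digest;
    keyhash.bv_len = len;

    if (pin == NULL || pin->bv_val == NULL || pin->bv_len != keyhash.bv_len)
        return -1;
    return memcmp(pin->bv_val, keyhash.bv_val, keyhash.bv_len) == 0 ? 0 : -1;
}
```

Zero-initialising the buffer only makes the failure deterministic; the early return is what keeps a failed digest from being compared against the pin.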