From: Shane Lontis Date: Sun, 25 Aug 2019 07:10:48 +0000 (+1000) Subject: Fix Issue OSS-Fuzz: Branch on uninitialized memory (in ccm code). X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=37a830e729f56cfc7b893f321880ac52f1b35cdb;p=openssl Fix Issue OSS-Fuzz: Branch on uninitialized memory (in ccm code). This would also happen for aes-ccm. There was one branch path where it just returned 1 without setting *padlen, It now branches so that the value is set to 0. Fixes #9691 Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9692) --- diff --git a/providers/common/ciphers/cipher_ccm.c b/providers/common/ciphers/cipher_ccm.c index 980c815aa1..fcfef73197 100644 --- a/providers/common/ciphers/cipher_ccm.c +++ b/providers/common/ciphers/cipher_ccm.c @@ -349,7 +349,7 @@ static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out, /* EVP_*Final() doesn't return any data */ if (in == NULL && out != NULL) - return 1; + goto finish; if (!ctx->iv_set) goto err; @@ -388,6 +388,7 @@ static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out, } } olen = len; +finish: rv = 1; err: *padlen = olen;
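Review bot: In the hunk at @@ -349,7 +349,7 @@, the new `goto finish;` only fixes the uninitialized read if `olen` already holds a defined value when this branch is taken, and the declaration of `olen` is not visible in the hunk. The path now reaches `*padlen = olen;` without passing `olen = len;`, so please confirm `olen` is initialized to 0 at its declaration; otherwise the uninitialized value simply moves from `*padlen` to `olen`. It would also help to extend the existing comment `/* EVP_*Final() doesn't return any data */` to say that this path reports a zero output length.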
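Review bot: In the hunk at @@ -388,6 +388,7 @@, the `finish:` label sits between `olen = len;` and `rv = 1;` with nothing to say that skipping the assignment is deliberate. A one-line comment at the label, stating that it is the success path for calls that produce no output, would keep a later change from moving `olen = len;` below it or folding the two labels together. The patch also carries no regression test; a case that calls the cipher with `in == NULL` and `out != NULL` and checks that `*padlen` comes back as 0 would cover the branch the commit message describes, for both CCM users of this shared file.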