Avoid use of uninitialized pointer in OpenSSL's SSLi_init().

author Tilman Sauerbeck <tilman@code-monkey.de>

Thu, 28 Dec 2017 12:09:20 +0000 (13:09 +0100)

committer Tilman Sauerbeck <tilman@code-monkey.de>

Thu, 28 Dec 2017 12:34:26 +0000 (13:34 +0100)
author Tilman Sauerbeck <tilman@code-monkey.de>
Thu, 28 Dec 2017 12:09:20 +0000 (13:09 +0100)
committer Tilman Sauerbeck <tilman@code-monkey.de>
Thu, 28 Dec 2017 12:34:26 +0000 (13:34 +0100)
diff --git a/src/ssli_openssl.c b/src/ssli_openssl.c

index 8ff1bcf41400c02eaef71e85b0a7463e8aff27dd..4cc1db949cd24ab4ca28638c5e99ff486f8ef2c5 100644 (file)
--- a/src/ssli_openssl.c
+++ b/src/ssli_openssl.c
@@ -215,7 +215,7 @@ void SSLi_init(void)
         int i, offset = 0, cipherstringlen = 0;
         STACK_OF(SSL_CIPHER) *cipherlist = NULL, *cipherlist_new = NULL;
         SSL_CIPHER *cipher;
-       char *cipherstring;
+       char *cipherstring = NULL;
  
         SSL_library_init();
         OpenSSL_add_all_algorithms();
@@ -271,7 +271,7 @@ void SSLi_init(void)
         if (cipherlist_new)
                 sk_SSL_CIPHER_free(cipherlist_new);
  
-       if (strlen(cipherstring) == 0)
+       if (!cipherstring || !*cipherstring)
                 Log_fatal("No suitable ciphers found!");
  
         if (SSL_CTX_set_cipher_list(context, cipherstring) == 0)
author	Tilman Sauerbeck <tilman@code-monkey.de>
	Thu, 28 Dec 2017 12:09:20 +0000 (13:09 +0100)
committer	Tilman Sauerbeck <tilman@code-monkey.de>
	Thu, 28 Dec 2017 12:34:26 +0000 (13:34 +0100)