openssl: explicitly NULL initialize PKCS8_PRIV_KEY_INFO (!201) · Merge requests · GNOME / glib-networking

q66 requested to merge q66/glib-networking:free-uninitialized into master Jan 07, 2022

Otherwise, PKCS8_PRIV_KEY_INFO_free will be called on an uninitialized value if !openssl->key is true.

This results in WebKit TLS being broken at least with OpenSSL 3.x and libsoup3.

Caught while packaging webkit for https://chimera-linux.org (clang + openssl3 + libsoup3):

[18/105] Compiling C object tls/openssl/libgioopenssl.so.p/gtlscertificate-openssl.c.o
../tls/openssl/gtlscertificate-openssl.c:151:7: warning: variable 'pkcs8' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
  if (!openssl->key)
      ^~~~~~~~~~~~~
../tls/openssl/gtlscertificate-openssl.c:176:7: note: uninitialized use occurs here
  if (pkcs8)
      ^~~~~
../tls/openssl/gtlscertificate-openssl.c:151:3: note: remove the 'if' if its condition is always false
  if (!openssl->key)
  ^~~~~~~~~~~~~~~~~~
../tls/openssl/gtlscertificate-openssl.c:147:29: note: initialize the variable 'pkcs8' to silence this warning
  PKCS8_PRIV_KEY_INFO *pkcs8;
                            ^
                             = NULL
1 warning generated.

Without the fix, I always get internal errors in WebKit with any TLS connection, while with the fix it works alright.

openssl: explicitly NULL initialize PKCS8_PRIV_KEY_INFO

Merge request reports