Fix 'uninitialized pointer read' in openvpn_decrypt_aead

Coverity complains that if we error out in the first error condition we try to free gc without initializing it. While here move the declaration of outlen to the first usage. Change-Id: I0391f30a1e962ee242e9bcdec4f605bf7e831cca Signed-off-by: Frank Lichtenheld <[email protected]> Acked-by: Antonio Quartulli <[email protected]> Message-Id: <[email protected]> URL: https://www.mail-archive.com/[email protected]/msg30421.html Signed-off-by: Gert Doering <[email protected]>
OpenVPN · Jan 13, 2025 · 5e086c0 · 5e086c0
1 parent 0671a4d
commit 5e086c0
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
@@ -406,17 +406,15 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer work,
     static const char error_prefix[] = "AEAD Decrypt error";
     struct packet_id_net pin = { 0 };
     struct key_ctx *ctx = &opt->key_ctx_bi.decrypt;
+    struct gc_arena gc;
+
+    gc_init(&gc);
 
     if (cipher_decrypt_verify_fail_exceeded(ctx))
     {
         CRYPT_DROP("Decryption failed verification limit reached.");
     }
 
-    int outlen;
-    struct gc_arena gc;
-
-    gc_init(&gc);
-
     ASSERT(opt);
     ASSERT(frame);
     ASSERT(buf->len > 0);
@@ -506,6 +504,8 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer work,
     dmsg(D_PACKET_CONTENT, "DECRYPT AD: %s",
          format_hex(ad_start, ad_size, 0, &gc));
 
+    int outlen;
+
     /* Decrypt and authenticate packet */
     if (!cipher_ctx_update(ctx->cipher, BPTR(&work), &outlen, BPTR(buf),
                            data_len))