[PATCH] src/common/dpp_crypto.c : fix uninitialised variable

Alasdair Mackintosh alasdair at google.com
Wed Mar 9 13:24:49 PST 2022

The current code generates a warning when compiled by Clang, because
if we goto 'fail:', pasword_len  can be uninitialised when we pass it
in to bin_clear_free().

Note that the actual usage is safe, because bin_clear_free() ignores
the second argument if the first argument is NULL, but it still seems
worth cleaning up.

Signed-off-by: Alasdair Mackintosh <alasdair at google.com>
 src/common/dpp_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c
index 300416fb1..4fac7de8a 100644
--- a/src/common/dpp_crypto.c
+++ b/src/common/dpp_crypto.c
@@ -2059,7 +2059,7 @@ struct wpabuf * dpp_build_csr(struct
dpp_authentication *auth, const char *name)
  struct wpabuf *priv_key;
  u8 cp[DPP_CP_LEN];
  char *password = NULL;
- size_t password_len;
+ size_t password_len = 0;
  int hash_sign_algo;

  /* TODO: use auth->csrattrs */

More information about the Hostap mailing list