From 7ed01e8c683d0cfe68ffcc2874417bbd53dcef37 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 18 Mar 2020 11:51:59 -0400 Subject: [PATCH] ssl_srv.c: initialize flags on each iteration of the loop Although the 'flags' variable is not checked or used after a call to mbedtls_ssl_check_cert_usage, it might be in the future. With this fix, after each iteration, the flags will apply only to the most recent certificate, not to any of the previous ones checked. This fix also stops any reads and writes via a '|=' from/to an uninitialized variable happening. This commit fixes #2444. Signed-off-by: Andrzej Kurek
---
 library/ssl_srv.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index b0b09cd97..2ceb3f684 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -840,6 +840,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
 for( cur = list; cur != NULL; cur = cur->next )
 {
+ flags = 0;
 MBEDTLS_SSL_DEBUG_CRT( 3, "candidate certificate chain, certificate", cur->cert );
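Review bot: The added `flags = 0;` at the top of the loop body carries no comment, and since the commit message says the value is not read after mbedtls_ssl_check_cert_usage(), it looks like a dead store that a later cleanup could delete or hoist out of the loop. I would put `/* check_cert_usage ORs into flags: reset per candidate so bits from earlier certificates do not carry over */` directly above it. The declaration of `flags` is outside the hunk; if it is still uninitialized there, this reset is the only thing keeping the `|=` from reading an indeterminate value, which the comment should state as well. ssl_pick_cert's body starts and ends outside the hunk.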