COM-19: Possible memory corruption in CpEpEngine::encrypt_message
author Markus Schaber <markus@pep-security.net>
Sat, 05 Nov 2016 09:14:23 +0100
changeset 191 e6e934d5b62d
parent 190 8d1c4f057dea
child 192 da7caa87f709
CpEpEngine.cpp
     1.1 --- a/CpEpEngine.cpp	Wed Nov 02 23:30:50 2016 +0100
     1.2 +++ b/CpEpEngine.cpp	Sat Nov 05 09:14:23 2016 +0100
     1.3 @@ -643,7 +643,11 @@
     1.4  	assert(dst);
     1.5  
     1.6  	::message *_src = text_message_to_C(src);
     1.7 -	::message *msg_dst;
     1.8 +
     1.9 +	// COM-19: Initialize msg_dst to NULL, or we end up calling
    1.10 +	// free_message() below with a pointer to random garbage in
    1.11 +	// case of an error in encrypt_message().
    1.12 +	::message *msg_dst = NULL;
    1.13  	::stringlist_t *_extra = new_stringlist(extra);
    1.14  
    1.15  	// _PEP_enc_format is intentionally hardcoded to PEP_enc_PEP:
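Review bot: At `::message *msg_dst = NULL;`, the fix is only safe if free_message() tolerates a NULL argument and if encrypt_message() leaves its output pointer untouched (or NULL) on every error path. Neither is visible in this hunk, so please confirm both against the engine, or guard the cleanup with a check such as `if (msg_dst) free_message(msg_dst);`. If encrypt_message() can write a pointer it has already released before returning an error, initializing here does not prevent the invalid free, so it is worth stating in the comment which case was observed. Minor style point: this is a C++ file, so `nullptr` would be the more idiomatic initializer if the toolchain allows it.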