From 749258b45c0b57fe771497f176223f36bee6a1fd Mon Sep 17 00:00:00 2001
From: William Robinet
Date: Sat, 3 Oct 2020 12:42:16 +0200
Subject: [PATCH] Fix for uninitialized variables and possible overflow
---
 ssl/ssl_analyze.c | 2 +-
 ssl/ssldecode.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/ssl/ssl_analyze.c b/ssl/ssl_analyze.c
index b70d756..b8c5b48 100644
--- a/ssl/ssl_analyze.c
+++ b/ssl/ssl_analyze.c
@@ -466,7 +466,7 @@ static int data_ssl_analyzer(_obj,seg,direction)
 {
 int _status,r;
 r_queue *q;
- segment *last,*q_next,*assembled;
+ segment *last,*q_next=NULL,*assembled;
 ssl_obj *ssl=(ssl_obj *)_obj;
 int offset=0;
diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c
index eca3d13..49b6e1d 100644
--- a/ssl/ssldecode.c
+++ b/ssl/ssldecode.c
@@ -489,7 +489,7 @@ static int ssl_create_session_lookup_key(ssl,id,idlen,keyp,keyl)
 *keyl=idlen;
 key+=idlen;
- sprintf(key,"%s:%d",ssl->server_name,ssl->server_port);
+ snprintf((char *)key,l,"%s:%d",ssl->server_name,ssl->server_port);
 *keyl+=strlen(key);
 _status=0;
@@ -906,7 +906,7 @@ static int ssl_generate_keying_material(ssl,d)
 UCHAR _key_c[16],_key_s[16];
 int needed;
 int r,_status;
- UCHAR *ptr,*c_wk,*s_wk,*c_mk,*s_mk,*c_iv,*s_iv;
+ UCHAR *ptr,*c_wk,*s_wk,*c_mk=NULL,*s_mk=NULL,*c_iv=NULL,*s_iv=NULL;
 if(!d->MS){
 if(r=r_data_alloc(&d->MS,48))
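Review bot: Initialising `q_next` to NULL in the declaration of data_ssl_analyzer replaces an indeterminate read with a NULL value on any path that reaches a use without assigning it, so each use needs to tolerate NULL. The function body continues outside the hunk, so whether the uses are guarded cannot be confirmed from here. I would record the intent on the declaration, for example `/* NULL = no next segment selected yet; check before dereferencing */`. The same applies to `c_mk`, `s_mk`, `c_iv` and `s_iv` in the ssl_generate_keying_material hunk of ssl/ssldecode.c.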
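Review bot: The bound passed to the new `snprintf` is `l`, but `key` was already advanced by `idlen` on the line above, so if `l` is the size of the whole buffer (its definition is outside the hunk) the bound overstates the space left at `key` by `idlen` bytes. The call should pass the remaining space, `snprintf((char *)key,l-idlen,"%s:%d",ssl->server_name,ssl->server_port);`. The return value should also be compared with that bound and routed to the function's existing error path, because a truncated host:port otherwise yields a shortened session lookup key without any signal. `strlen(key)` on the following line still takes the `UCHAR *` without the cast the new call uses.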
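Review bot: `ptr`, `c_wk` and `s_wk` stay without initialisers in the same declaration of ssl_generate_keying_material, so the line is only partly covered by the fix. For consistency I would write `UCHAR *ptr=NULL,*c_wk=NULL,*s_wk=NULL,*c_mk=NULL,*s_mk=NULL,*c_iv=NULL,*s_iv=NULL;`. If those three are assigned on every path before use, a one-line comment saying so would explain why they are treated differently. The function body continues outside the hunk, so this cannot be checked from the visible lines.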