From d5d983e16830b1a131b08c8f7746398a256a7e58 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 15 Jun 2018 14:05:10 +0200
Subject: [PATCH] ssl_server2: handle mbedtls_x509_dn_gets failure

If mbedtls_x509_dn_gets fails, the server could end up calling printf on an uninitialized buffer. Check if the function succeeds. Found by Coverity.
---
 programs/ssl/ssl_server2.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 81041c44d..3a413ad5e 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -962,8 +962,9 @@ static int ssl_async_start( mbedtls_ssl_context *ssl,
 {
 char dn[100];
- mbedtls_x509_dn_gets( dn, sizeof( dn ), &cert->subject );
- mbedtls_printf( "Async %s callback: looking for DN=%s\n", op_name, dn );
+ if( mbedtls_x509_dn_gets( dn, sizeof( dn ), &cert->subject ) > 0 )
+ mbedtls_printf( "Async %s callback: looking for DN=%s\n",
+ op_name, dn );
 }
 /* Look for a private key that matches the public key in cert.
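Review bot: When `mbedtls_x509_dn_gets` does not return a positive length, the new `if` drops the trace line entirely, so a run where the subject does not fit in `dn[100]` looks the same in the log as the async callback never being reached. Since the message exists to trace the callback, I would keep a trace on the failure path, for example `else mbedtls_printf( "Async %s callback: subject DN unavailable\n", op_name );`, or store the return value and print it. The guarded statement is a call wrapped over two lines, so braces around it would make the extent of the `if` body explicit and guard against a later statement being added under the same indentation. `ssl_async_start` starts and ends outside the hunk, so only the `dn` block itself is reviewed here.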