From 0a1159dc105533e3f07cd252d1fd271967d8f4d6 Mon Sep 17 00:00:00 2001
From: Bastien Nocera
Date: Thu, 16 May 2024 11:03:06 +0200
Subject: [PATCH] shared/ecc: Fix uninitialised variable usage

Error: UNINIT (CWE-457): [#def41] [important]
src/shared/ecc.c:869:2: var_decl: Declaring variable "pk" without initializer.
src/shared/ecc.c:885:34: uninit_use_in_call: Using uninitialized element of array "pk.x" when calling "ecc_point_is_zero".
883|
884| ecc_point_mult(&pk, &curve_g, priv, NULL, vli_num_bits(priv));
885|-> } while (ecc_point_is_zero(&pk));
886|
887| ecc_native2bytes(priv, private_key);
Error: UNINIT (CWE-457): [#def42] [important]
src/shared/ecc.c:869:2: var_decl: Declaring variable "pk" without initializer.
src/shared/ecc.c:885:34: uninit_use_in_call: Using uninitialized element of array "pk.x" when calling "ecc_point_is_zero".
src/shared/ecc.c:885:34: uninit_use_in_call: Using uninitialized element of array "pk.y" when calling "ecc_point_is_zero".
883|
884| ecc_point_mult(&pk, &curve_g, priv, NULL, vli_num_bits(priv));
885|-> } while (ecc_point_is_zero(&pk));
886|
887| ecc_native2bytes(priv, private_key);
Error: UNINIT (CWE-457): [#def43] [important]
src/shared/ecc.c:869:2: var_decl: Declaring variable "pk" without initializer.
src/shared/ecc.c:889:2: uninit_use_in_call: Using uninitialized value "*pk.y" when calling "ecc_native2bytes".
887| ecc_native2bytes(priv, private_key);
888| ecc_native2bytes(pk.x, public_key);
889|-> ecc_native2bytes(pk.y, &public_key[32]);
890|
891| return true;
---
 src/shared/ecc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/shared/ecc.c b/src/shared/ecc.c
index adaae2082..02bccbd43 100644
--- a/src/shared/ecc.c
+++ b/src/shared/ecc.c
@@ -870,6 +870,8 @@ bool ecc_make_key(uint8_t public_key[64], uint8_t private_key[32])
 uint64_t priv[NUM_ECC_DIGITS];
 unsigned int tries = 0;
 
+ memset(&pk, 0, sizeof(pk));
+
 do {
 if (!get_random_number(priv) || (tries++ >= MAX_TRIES))
 return false;
-- 
2.47.3
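Review bot: The private scalar in `priv`, declared in this hunk's context lines, still appears to be left on the stack when ecc_make_key returns. The excerpt quoted in the commit message shows `ecc_native2bytes(priv, private_key);` followed by the public-key copies and `return true;` with no wipe in between, but the rest of the body lies outside the hunk, so this should be confirmed against the full function. Since the commit already tidies this function's stack state, consider clearing the buffer before both return paths with a call the compiler cannot elide, e.g. `explicit_bzero(priv, sizeof(priv));` where the platform provides it. The added `memset(&pk, 0, sizeof(pk));` would also benefit from a short why-comment such as `/* Zero pk so the ecc_point_is_zero() check is well-defined even if ecc_point_mult() leaves it unwritten */`, so it is not later removed as redundant.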