wolfcrypt/src/pkcs7.c: in wc_PKCS7_BuildSignedAttributes(), clear can…

…nedAttribs[idx] before it's conditionally populated, to prevent possible uninited data read in subsequent EncodeAttributes().
wolfSSL · Jan 7, 2025 · b6ce89c · b6ce89c
1 parent 8c32238
commit b6ce89c
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
@@ -2073,6 +2073,8 @@ static int wc_PKCS7_BuildSignedAttributes(wc_PKCS7* pkcs7, ESD* esd,
 
         cannedAttribsCount = sizeof(cannedAttribs)/sizeof(PKCS7Attrib);
 
+        XMEMSET(&cannedAttribs[idx], 0, sizeof(cannedAttribs[idx]));
+
         if ((pkcs7->defaultSignedAttribs & WOLFSSL_CONTENT_TYPE_ATTRIBUTE) ||
             pkcs7->defaultSignedAttribs == 0) {
             cannedAttribs[idx].oid     = contentTypeOid;