Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Minor
Fix Version/s: rhel-9.5
Affects Version/s: None
Component/s: libksba
Labels:

Fixed in Build:
libksba-1.5.1-7.el9
Regression:
None
Severity:
None
Epic Link:
CRYPTO-14783
sprint_count:
1

Pool Team:

rhel-sst-security-crypto
Sub-System Group:

ssg_security

Internal Target Milestone:
26
Story Points:
0.5
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
Crypto24Q3

Acceptance Criteria:

Hide

SanityOnly, upstream patch that initializes the variable is applied

Show
SanityOnly, upstream patch that initializes the variable is applied
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/136902
Test Coverage:
None

Release Note Type:
Release Note Not Required

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

The report from RHEL-23357 highlighted one possible issue in libksba that would be worth fixing:

"Error: UNINIT (CWE-457):
libksba-1.5.1/src/der-builder.c:552: var_decl: Declaring variable ""err"" without initializer.
libksba-1.5.1/src/der-builder.c:666: uninit_use: Using uninitialized value ""err"".
#  664|    leave:
#  665|     xfree (buffer);
#  666|->   return err;
#  667|   }"

The variable err is used uninitialized when no error happens along the way.

Reported upstream: https://dev.gnupg.org/T6992

links to

RHBA-2024:136902 libksba update

Assignee:: Jakub Jelen

Reporter:: Jakub Jelen

Developer:: Jakub Jelen

QA Contact:: Alexander Sosedkin

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/02/12 9:09 AM

Updated:: 2024/11/12 10:32 AM

Resolved:: 2024/11/12 10:32 AM

Target end:: 2024/08/26

Release Date:: 2024/11/12