streams: openssl: fix use of uninitialized variable

When verifying the server certificate, we do try to make sure that the
hostname actually matches the certificate alternative names. In cases
where the host is either an IPv4 or IPv6 address, we have to compare the
binary representations of the hostname with the declared IP address of
the certificate. We only do that comparison in case we were successfully
able to parse the hostname as an IP, which would always result in the
memory region being initialized. Still, GCC 6.4.0 was complaining about
usage of non-initialized memory.

Fix the issue by simply asserting that `addr` needs to be initialized.
This shuts up the GCC warning.

1 files changed, 3 insertions, 3 deletions

diff --git a/src/streams/openssl.c b/src/streams/openssl.c
index d00e98e02..9cbb2746f 100644
--- a/src/streams/openssl.c
+++ b/src/streams/openssl.c
@@ -344,7 +344,7 @@ static int verify_server_cert(SSL *ssl, const char *host)
 	GENERAL_NAMES *alts;
 	struct in6_addr addr6;
 	struct in_addr addr4;
-	void *addr;
+	void *addr = NULL;
 	int i = -1, j, error = 0;
 
 	if (SSL_get_verify_result(ssl) != X509_V_OK) {
@@ -357,7 +357,7 @@ static int verify_server_cert(SSL *ssl, const char *host)
 		type = GEN_IPADD;
 		addr = &addr4;
 	} else {
-		if(p_inet_pton(AF_INET6, host, &addr6)) {
+		if (p_inet_pton(AF_INET6, host, &addr6)) {
 			type = GEN_IPADD;
 			addr = &addr6;
 		}
@@ -397,7 +397,7 @@ static int verify_server_cert(SSL *ssl, const char *host)
 					matched = 1;
 			} else if (type == GEN_IPADD) {
 				/* Here name isn't so much a name but a binary representation of the IP */
-				matched = !!memcmp(name, addr, namelen);
+				matched = addr && !!memcmp(name, addr, namelen);
 			}
 		}
 	}