Initialize pwdata in pesign and efikeygen

Fixes: github issue rhboot#105
Fixes: 12f1671 (Rework the wildly undocumented NSS password file goo.)
Complements: 1a4481e (Add more ways to use a password with the token)

Signed-off-by: Egor Ignatov <[email protected]>

Author: Blarse

src/cms_common.c

@@ -172,8 +172,10 @@ cms_context_fini(cms_context *cms)
 		xfree(cms->pwdata.data);
 		break;
 	case PW_PLAINTEXT:
-		memset(cms->pwdata.data, 0, strlen(cms->pwdata.data));
-		xfree(cms->pwdata.data);
+		if (cms->pwdata.data) {
+			memset(cms->pwdata.data, 0, strlen(cms->pwdata.data));
+			xfree(cms->pwdata.data);
+		}
 		break;
 	}
 	cms->pwdata.source = PW_SOURCE_INVALID;
@@ -319,8 +321,10 @@ void cms_set_pw_data(cms_context *cms, secuPWData *pwdata)
 	case PW_FROMENV:
 	case PW_FROMFILE:
 	case PW_PLAINTEXT:
-		memset(cms->pwdata.data, 0, strlen(cms->pwdata.data));
-		xfree(cms->pwdata.data);
+		if (cms->pwdata.data) {
+			memset(cms->pwdata.data, 0, strlen(cms->pwdata.data));
+			xfree(cms->pwdata.data);
+		}
 		break;
 
 	case PW_DATABASE:

src/efikeygen.c

@@ -985,6 +985,11 @@ int main(int argc, char *argv[])
 	if (!strcmp(dbdir, "-") && list_empty(&cms->pk12_ins) && !is_self_signed)
 		errx(1, "'--dbdir -' requires either --pk12-in or --self-sign.");
 
+	secuPWData pwdata;
+	memset(&pwdata, 0, sizeof(pwdata));
+	pwdata.source = pwdata.orig_source = PW_PROMPT;
+	cms_set_pw_data(cms, &pwdata);
+
 	PK11_SetPasswordFunc(cms->func ? cms->func : readpw);
 	if (strcmp(dbdir, "-")) {
 		if (cms->pk12_out.fd >= 0)

src/pesign.c

@@ -95,6 +95,7 @@ main(int argc, char *argv[])
 	secuPWData pwdata;
 
 	memset(&pwdata, 0, sizeof(pwdata));
+	pwdata.source = pwdata.orig_source = PW_PROMPT;
 	pwdata.intdata = -1;
 
 	setenv("NSS_DEFAULT_DB_TYPE", "sql", 0);