From 033ffff428fed0ad95098066bb2ea72aaf076bec Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Thu, 19 Jan 2023 14:31:45 +0100
Subject: [PATCH] [core] initialize stack variables, improve logging

---
 libfreerdp/core/gcc.c      | 31 +++++++++++++------------------
 libfreerdp/core/rdp.c      |  8 ++++----
 libfreerdp/core/security.c | 14 +++++++-------
 3 files changed, 24 insertions(+), 29 deletions(-)

diff --git a/libfreerdp/core/gcc.c b/libfreerdp/core/gcc.c
index d7938f7f2..65c20e3e4 100644
--- a/libfreerdp/core/gcc.c
+++ b/libfreerdp/core/gcc.c
@@ -740,12 +740,7 @@ BOOL gcc_read_server_data_blocks(wStream* s, rdpMcs* mcs, UINT16 length)
 
 			case SC_SECURITY:
 				if (!gcc_read_server_security_data(sub, mcs))
-				{
-					WLog_ERR(TAG,
-					         "gcc_read_server_data_blocks: gcc_read_server_security_data failed");
 					return FALSE;
-				}
-
 				break;
 
 			case SC_NET:
@@ -1457,7 +1452,7 @@ BOOL gcc_read_client_security_data(wStream* s, rdpMcs* mcs, UINT16 blockLength)
 	{
 		Stream_Read_UINT32(s, settings->EncryptionMethods); /* encryptionMethods */
 
-		if (settings->EncryptionMethods == 0)
+		if (settings->EncryptionMethods == ENCRYPTION_METHOD_NONE)
 			Stream_Read_UINT32(s, settings->EncryptionMethods); /* extEncryptionMethods */
 		else
 			Stream_Seek(s, 4);
@@ -1505,10 +1500,11 @@ BOOL gcc_write_client_security_data(wStream* s, const rdpMcs* mcs)
 
 BOOL gcc_read_server_security_data(wStream* s, rdpMcs* mcs)
 {
-	const BYTE* data;
-	UINT32 length;
+	const BYTE* data = NULL;
+	UINT32 length = 0;
 	BOOL validCryptoConfig = FALSE;
-	UINT32 serverEncryptionMethod;
+	UINT32 EncryptionMethod = 0;
+	UINT32 EncryptionLevel = 0;
 	rdpSettings* settings = mcs_get_settings(mcs);
 
 	WINPR_ASSERT(s);
@@ -1517,11 +1513,11 @@ BOOL gcc_read_server_security_data(wStream* s, rdpMcs* mcs)
 	if (!Stream_CheckAndLogRequiredLength(TAG, s, 8))
 		return FALSE;
 
-	Stream_Read_UINT32(s, serverEncryptionMethod);    /* encryptionMethod */
-	Stream_Read_UINT32(s, settings->EncryptionLevel); /* encryptionLevel */
+	Stream_Read_UINT32(s, EncryptionMethod); /* encryptionMethod */
+	Stream_Read_UINT32(s, EncryptionLevel);  /* encryptionLevel */
 
 	/* Only accept valid/known encryption methods */
-	switch (serverEncryptionMethod)
+	switch (EncryptionMethod)
 	{
 		case ENCRYPTION_METHOD_NONE:
 			WLog_DBG(TAG, "Server rdp encryption method: NONE");
@@ -1544,20 +1540,19 @@ BOOL gcc_read_server_security_data(wStream* s, rdpMcs* mcs)
 			break;
 
 		default:
-			WLog_ERR(TAG, "Received unknown encryption method %08" PRIX32 "",
-			         serverEncryptionMethod);
+			WLog_ERR(TAG, "Received unknown encryption method %08" PRIX32 "", EncryptionMethod);
 			return FALSE;
 	}
 
-	if (settings->UseRdpSecurityLayer && !(settings->EncryptionMethods & serverEncryptionMethod))
+	if (settings->UseRdpSecurityLayer && !(settings->EncryptionMethods & EncryptionMethod))
 	{
 		WLog_WARN(TAG, "Server uses non-advertised encryption method 0x%08" PRIX32 "",
-		          serverEncryptionMethod);
+		          EncryptionMethod);
 		/* FIXME: Should we return FALSE; in this case ?? */
 	}
 
-	settings->EncryptionMethods = serverEncryptionMethod;
-
+	settings->EncryptionMethods = EncryptionMethod;
+	settings->EncryptionLevel = EncryptionLevel;
 	/* Verify encryption level/method combinations according to MS-RDPBCGR Section 5.3.2 */
 	switch (settings->EncryptionLevel)
 	{
diff --git a/libfreerdp/core/rdp.c b/libfreerdp/core/rdp.c
index dddf81688..5f009cfed 100644
--- a/libfreerdp/core/rdp.c
+++ b/libfreerdp/core/rdp.c
@@ -1298,10 +1298,10 @@ BOOL rdp_read_flow_control_pdu(wStream* s, UINT16* type, UINT16* channel_id)
 
 BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, UINT16* pLength, UINT16 securityFlags)
 {
-	BYTE cmac[8];
-	BYTE wmac[8];
-	BOOL status;
-	INT32 length;
+	BYTE cmac[8] = { 0 };
+	BYTE wmac[8] = { 0 };
+	BOOL status = FALSE;
+	INT32 length = 0;
 
 	WINPR_ASSERT(rdp);
 	WINPR_ASSERT(rdp->settings);
diff --git a/libfreerdp/core/security.c b/libfreerdp/core/security.c
index c147f10a8..59c4bb9d5 100644
--- a/libfreerdp/core/security.c
+++ b/libfreerdp/core/security.c
@@ -327,9 +327,9 @@ BOOL security_mac_signature(rdpRdp* rdp, const BYTE* data, UINT32 length, BYTE*
 {
 	WINPR_DIGEST_CTX* sha1 = NULL;
 	WINPR_DIGEST_CTX* md5 = NULL;
-	BYTE length_le[4];
-	BYTE md5_digest[WINPR_MD5_DIGEST_LENGTH];
-	BYTE sha1_digest[WINPR_SHA1_DIGEST_LENGTH];
+	BYTE length_le[4] = { 0 };
+	BYTE md5_digest[WINPR_MD5_DIGEST_LENGTH] = { 0 };
+	BYTE sha1_digest[WINPR_SHA1_DIGEST_LENGTH] = { 0 };
 	BOOL result = FALSE;
 
 	WINPR_ASSERT(rdp);
@@ -394,10 +394,10 @@ BOOL security_salted_mac_signature(rdpRdp* rdp, const BYTE* data, UINT32 length,
 {
 	WINPR_DIGEST_CTX* sha1 = NULL;
 	WINPR_DIGEST_CTX* md5 = NULL;
-	BYTE length_le[4];
-	BYTE use_count_le[4];
-	BYTE md5_digest[WINPR_MD5_DIGEST_LENGTH];
-	BYTE sha1_digest[WINPR_SHA1_DIGEST_LENGTH];
+	BYTE length_le[4] = { 0 };
+	BYTE use_count_le[4] = { 0 };
+	BYTE md5_digest[WINPR_MD5_DIGEST_LENGTH] = { 0 };
+	BYTE sha1_digest[WINPR_SHA1_DIGEST_LENGTH] = { 0 };
 	BOOL result = FALSE;
 
 	WINPR_ASSERT(rdp);