From b6ce89c4291ac63ea91d7fd0d6b3b4e33d82e089 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Tue, 7 Jan 2025 15:03:18 -0600
Subject: [PATCH] wolfcrypt/src/pkcs7.c: in wc_PKCS7_BuildSignedAttributes(), clear cannedAttribs[idx] before it's conditionally populated, to prevent possible uninited data read in subsequent EncodeAttributes().
---
 wolfcrypt/src/pkcs7.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index a96f53718..77b473487 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -2073,6 +2073,8 @@ static int wc_PKCS7_BuildSignedAttributes(wc_PKCS7* pkcs7, ESD* esd,
 cannedAttribsCount = sizeof(cannedAttribs)/sizeof(PKCS7Attrib);
+ XMEMSET(&cannedAttribs[idx], 0, sizeof(cannedAttribs[idx]));
+
 if ((pkcs7->defaultSignedAttribs & WOLFSSL_CONTENT_TYPE_ATTRIBUTE) ||
 pkcs7->defaultSignedAttribs == 0) {
 cannedAttribs[idx].oid = contentTypeOid;
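Review bot: The added `XMEMSET(&cannedAttribs[idx], 0, sizeof(cannedAttribs[idx]));` zeroes only the single element at the current `idx`, while the context line just above it sizes `cannedAttribsCount` from the whole `cannedAttribs` array. If later entries are also filled only under a condition and EncodeAttributes() is passed a count larger than the number actually populated, those entries would still be read uninitialized. The rest of wc_PKCS7_BuildSignedAttributes() lies outside the hunk, so this needs confirming against the full function. Clearing the whole array once removes the dependency on which branches run: `XMEMSET(cannedAttribs, 0, sizeof(cannedAttribs));`. A short comment such as `/* zero so EncodeAttributes() never reads stale stack data from an unpopulated entry */` would record why the clear is there.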