Avoid undefined behavior due to memcpy(NULL, NULL, 0)

This happens if name->der_len == 0. Since we already have a length
check, we can malloc and memcpy inside the conditional.  This also
makes the code easier to read.

agreement from millert
ok jsing

1 files changed, 6 insertions, 4 deletions

diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c
index dc91c00345..67cbaa6313 100644
--- a/src/lib/libcrypto/x509/x509_constraints.c
+++ b/src/lib/libcrypto/x509/x509_constraints.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_constraints.c,v 1.11 2020/11/18 17:00:59 tb Exp $ */
+/* $OpenBSD: x509_constraints.c,v 1.12 2020/11/25 21:17:52 tb Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -69,9 +69,11 @@ x509_constraints_name_dup(struct x509_constraints_name *name)
         new->type = name->type;
         new->af = name->af;
         new->der_len = name->der_len;
-        if (name->der_len > 0 && (new->der = malloc(name->der_len)) == NULL)
-                goto err;
-        memcpy(new->der, name->der, name->der_len);
+        if (name->der_len > 0) {
+                if ((new->der = malloc(name->der_len)) == NULL)
+                        goto err;
+                memcpy(new->der, name->der, name->der_len);
+        }
         if (name->name != NULL && (new->name = strdup(name->name)) == NULL)
                 goto err;
         if (name->local != NULL && (new->local = strdup(name->local)) == NULL)