From e184d9b4d57f92ba4003625ca5e4bf386ad6843f Mon Sep 17 00:00:00 2001 From: tb <> Date: Wed, 25 Nov 2020 21:17:52 +0000 Subject: Avoid undefined behavior due to memcpy(NULL, NULL, 0) This happens if name->der_len == 0. Since we already have a length check, we can malloc and memcpy inside the conditional. This also makes the code easier to read. agreement from millert ok jsing --- src/lib/libcrypto/x509/x509_constraints.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'src/lib/libcrypto/x509/x509_constraints.c') diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c index dc91c00345..67cbaa6313 100644 --- a/src/lib/libcrypto/x509/x509_constraints.c +++ b/src/lib/libcrypto/x509/x509_constraints.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_constraints.c,v 1.11 2020/11/18 17:00:59 tb Exp $ */ +/* $OpenBSD: x509_constraints.c,v 1.12 2020/11/25 21:17:52 tb Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -69,9 +69,11 @@ x509_constraints_name_dup(struct x509_constraints_name *name) new->type = name->type; new->af = name->af; new->der_len = name->der_len; - if (name->der_len > 0 && (new->der = malloc(name->der_len)) == NULL) - goto err; - memcpy(new->der, name->der, name->der_len); + if (name->der_len > 0) { + if ((new->der = malloc(name->der_len)) == NULL) + goto err; + memcpy(new->der, name->der, name->der_len); + } if (name->name != NULL && (new->name = strdup(name->name)) == NULL) goto err; if (name->local != NULL && (new->local = strdup(name->local)) == NULL) -- cgit v1.2.3-55-g6feb