From 46b81a642e3087476fa3ad74e16750d722addf77 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Thu, 17 Aug 2023 09:13:01 +0000
Subject: Avoid memcmp(NULL, x, 0) in OBJ_cmp()

If a->length is 0, either a->data or b->data could be NULL and memcmp()
will rely on undefined behavior to compare them as equal. So avoid this
comparison in the first place.

ok jsing
---
 src/lib/libcrypto/objects/obj_lib.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/objects/obj_lib.c b/src/lib/libcrypto/objects/obj_lib.c
index 83575c16c9..45062dbd4c 100644
--- a/src/lib/libcrypto/objects/obj_lib.c
+++ b/src/lib/libcrypto/objects/obj_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: obj_lib.c,v 1.18 2023/07/08 12:27:51 beck Exp $ */
+/* $OpenBSD: obj_lib.c,v 1.19 2023/08/17 09:13:01 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -124,11 +124,12 @@ LCRYPTO_ALIAS(OBJ_dup);
 int
 OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
 {
-	int ret;
+	int cmp;
 
-	ret = (a->length - b->length);
-	if (ret)
-		return (ret);
-	return (memcmp(a->data, b->data, a->length));
+	if ((cmp = a->length - b->length) != 0)
+		return cmp;
+	if (a->length == 0)
+		return 0;
+	return memcmp(a->data, b->data, a->length);
 }
 LCRYPTO_ALIAS(OBJ_cmp);
-- 
cgit v1.2.3-55-g6feb