From 7ff9203d8a907d87807eb46a6e75aa17ef165030 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Thu, 3 Mar 2022 11:29:05 +0000
Subject: Pull a len == 0 check up before malloc(len) to avoid implementation
 defined behavior.

ok deraadt inoguchi
---
 src/lib/libcrypto/x509/x509_constraints.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c
index 5320583137..c7adaa4b36 100644
--- a/src/lib/libcrypto/x509/x509_constraints.c
+++ b/src/lib/libcrypto/x509/x509_constraints.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_constraints.c,v 1.20 2022/03/02 17:53:03 tb Exp $ */
+/* $OpenBSD: x509_constraints.c,v 1.21 2022/03/03 11:29:05 tb Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -747,15 +747,15 @@ x509_constraints_extract_names(struct x509_constraints_names *names,
 			vname->type = GEN_URI;
 			break;
 		case GEN_DIRNAME:
+			if (len == 0) {
+				*error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+				goto err;
+			}
 			if (bytes == NULL || ((vname->der = malloc(len)) ==
 			    NULL)) {
 				*error = X509_V_ERR_OUT_OF_MEM;
 				goto err;
 			}
-			if (len == 0) {
-				*error = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
-				goto err;
-			}
 			memcpy(vname->der, bytes, len);
 			vname->der_len = len;
 			vname->type = GEN_DIRNAME;
-- 
cgit v1.2.3-55-g6feb