Browse Source

Avoid invoking memcpy if size is zero or the supplied buffer is NULL

This allows for passing a NULL pointer with zero max_len.

Invoking memcpy on NULL is undefined behaviour, even if the size is zero.

https://en.cppreference.com/w/c/string/byte/memcpy

The function can now be queried for the necessary buffer length.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10541)
master^2
Paul Dreik 2 years ago
committed by Tomas Mraz
parent
commit
0760d132da
1 changed files with 6 additions and 2 deletions
  1. +6
    -2
      crypto/asn1/evp_asn1.c

+ 6
- 2
crypto/asn1/evp_asn1.c View File

@ -27,7 +27,10 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
return 1;
}
/* int max_len: for returned value */
/* int max_len: for returned value
* if passing NULL in data, nothing is copied but the necessary length
* for it is returned.
*/
int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len)
{
int ret, num;
@ -43,7 +46,8 @@ int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_l
num = ret;
else
num = max_len;
memcpy(data, p, num);
if (num > 0 && data != NULL)
memcpy(data, p, num);
return ret;
}


Loading…
Cancel
Save