Avoid passing NULL to memcpy

It is undefined behaviour to send NULL as either the src, or dest params in memcpy. In pkey_kdf.c we had a check to ensure that the src address is non-NULL. However in some situations it is possible that the dest address could also be NULL. Specifically in the case where the datalen is 0 and we are using a newly allocated BUF_MEM. We add a check of datalen to avoid the undefined behaviour. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9868)
2025-01-18 13:44:20 +08:00 · 2019-09-11 15:03:39 +01:00 · 2019-09-11 15:03:39 +01:00 · 7eeceeaab2
commit 7eeceeaab2
parent 6b3d042352
1 changed files with 6 additions and 10 deletions
--- a/crypto/evp/pkey_kdf.c
+++ b/crypto/evp/pkey_kdf.c
@ -82,17 +82,13 @@ static int collect(BUF_MEM **collector, void *data, size_t datalen)
        return 0;
    }

-    i = (*collector)->length; /* BUF_MEM_grow() changes it! */
-    /*
-     * The i + datalen check is to distinguish between BUF_MEM_grow()
-     * signaling an error and BUF_MEM_grow() simply returning the (zero)
-     * length.
-     */
-    if (!BUF_MEM_grow(*collector, i + datalen)
-        && i + datalen != 0)
-        return 0;
-    if (data != NULL)
+    if (data != NULL && datalen > 0) {
+        i = (*collector)->length; /* BUF_MEM_grow() changes it! */
+
+        if (!BUF_MEM_grow(*collector, i + datalen))
+            return 0;
        memcpy((*collector)->data + i, data, datalen);
+    }
    return 1;
 }