diff options
author | Kurt Roeckx <kurt@roeckx.be> | 2016-05-26 18:40:32 +0200 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2016-05-27 21:01:12 +0200 |
commit | 369e93398b68b8a328e6c1d766222b2d281ef016 (patch) | |
tree | a8a9b8113ad022027b4543e472c5c7ab1176473e /crypto/asn1 | |
parent | 4379d5ce782d4cc83840db7b7b66e18d325dfd3e (diff) |
Avoid calling memcpy with lenght of 0
We can call memcpy() with a pointer 1 past the last allocated byte and length
of 0 and you can argue that that's undefined behaviour.
Reported by tis-interpreter
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1132
Diffstat (limited to 'crypto/asn1')
-rw-r--r-- | crypto/asn1/a_bitstr.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index 2f0d8f8c2d..33be907f9d 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -66,10 +66,11 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) *(p++) = (unsigned char)bits; d = a->data; - memcpy(p, d, len); - p += len; - if (len > 0) + if (len > 0) { + memcpy(p, d, len); + p += len; p[-1] &= (0xff << bits); + } *pp = p; return (ret); } |