From 01238aec4071eabf072f4e98e3fb84cbab3c7107 Mon Sep 17 00:00:00 2001
From: Kurt Roeckx <kurt@roeckx.be>
Date: Sun, 19 Jun 2016 14:16:16 +0200
Subject: buf2hexstr: properly deal with empty string

It wrote before the start of the string

found by afl

Reviewed-by: Richard Levitte <levitte@openssl.org>

MR: #2994
---
 crypto/o_str.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'crypto/o_str.c')

diff --git a/crypto/o_str.c b/crypto/o_str.c
index 29c324f474..beabec0ddc 100644
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
@@ -198,7 +198,12 @@ char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len)
     const unsigned char *p;
     int i;
 
-    if ((tmp = OPENSSL_malloc(len * 3 + 1)) == NULL) {
+    if (len == 0)
+    {
+        return OPENSSL_zalloc(1);
+    }
+
+    if ((tmp = OPENSSL_malloc(len * 3)) == NULL) {
         CRYPTOerr(CRYPTO_F_OPENSSL_BUF2HEXSTR, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-- 
cgit v1.2.3