apparently memcpy(x, NULL, 0) is undefined behaviour according to

C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls when
length==0; ok markus@

diff --git a/usr.bin/ssh/sshbuf-getput-basic.c b/usr.bin/ssh/sshbuf-getput-basic.c
index 8c9e9c5..bc2e2f9 100644 (file)
--- a/usr.bin/ssh/sshbuf-getput-basic.c
+++ b/usr.bin/ssh/sshbuf-getput-basic.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: sshbuf-getput-basic.c,v 1.2 2014/12/04 01:49:59 djm Exp $     */
+/*     $OpenBSD: sshbuf-getput-basic.c,v 1.3 2015/01/12 15:18:07 djm Exp $     */
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -32,7 +32,7 @@ sshbuf_get(struct sshbuf *buf, void *v, size_t len)
 
        if ((r = sshbuf_consume(buf, len)) < 0)
                return r;
-       if (v != NULL)
+       if (v != NULL && len != 0)
                memcpy(v, p, len);
        return 0;
 }
@@ -107,7 +107,8 @@ sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp)
                        SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL"));
                        return SSH_ERR_ALLOC_FAIL;
                }
-               memcpy(*valp, val, len);
+               if (len != 0)
+                       memcpy(*valp, val, len);
                (*valp)[len] = '\0';
        }
        if (lenp != NULL)
@@ -198,7 +199,8 @@ sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp)
                        SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL"));
                        return SSH_ERR_ALLOC_FAIL;
                }
-               memcpy(*valp, p, len);
+               if (len != 0)
+                       memcpy(*valp, p, len);
                (*valp)[len] = '\0';
        }
        if (lenp != NULL)
@@ -234,7 +236,8 @@ sshbuf_put(struct sshbuf *buf, const void *v, size_t len)
 
        if ((r = sshbuf_reserve(buf, len, &p)) < 0)
                return r;
-       memcpy(p, v, len);
+       if (len != 0)
+               memcpy(p, v, len);
        return 0;
 }
 
@@ -350,7 +353,8 @@ sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len)
        if ((r = sshbuf_reserve(buf, len + 4, &d)) < 0)
                return r;
        POKE_U32(d, len);
-       memcpy(d + 4, v, len);
+       if (len != 0)
+               memcpy(d + 4, v, len);
        return 0;
 }
 
@@ -414,6 +418,7 @@ sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len)
        POKE_U32(d, len + prepend);
        if (prepend)
                d[4] = 0;
-       memcpy(d + 4 + prepend, s, len);
+       if (len != 0)
+               memcpy(d + 4 + prepend, s, len);
        return 0;
 }

diff --git a/usr.bin/ssh/sshbuf-getput-crypto.c b/usr.bin/ssh/sshbuf-getput-crypto.c
index 79951af..f086cae 100644 (file)
--- a/usr.bin/ssh/sshbuf-getput-crypto.c
+++ b/usr.bin/ssh/sshbuf-getput-crypto.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: sshbuf-getput-crypto.c,v 1.2 2014/06/18 15:42:09 naddy Exp $  */
+/*     $OpenBSD: sshbuf-getput-crypto.c,v 1.3 2015/01/12 15:18:07 djm Exp $    */
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -189,7 +189,8 @@ sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v)
                return r;
        }
        POKE_U16(dp, len_bits);
-       memcpy(dp + 2, d, len_bytes);
+       if (len_bytes != 0)
+               memcpy(dp + 2, d, len_bytes);
        bzero(d, sizeof(d));
        return 0;
 }