From: tb Date: Thu, 17 Aug 2023 09:13:01 +0000 (+0000) Subject: Avoid memcmp(NULL, x, 0) in OBJ_cmp() X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=fdad50ce2ddd27d7bdb64a0d58612e99f16830e5;p=openbsd Avoid memcmp(NULL, x, 0) in OBJ_cmp() If a->length is 0, either a->data or b->data could be NULL and memcmp() will rely on undefined behavior to compare them as equal. So avoid this comparison in the first place. ok jsing --- diff --git a/lib/libcrypto/objects/obj_lib.c b/lib/libcrypto/objects/obj_lib.c index 83575c16c92..45062dbd4ce 100644 --- a/lib/libcrypto/objects/obj_lib.c +++ b/lib/libcrypto/objects/obj_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: obj_lib.c,v 1.18 2023/07/08 12:27:51 beck Exp $ */ +/* $OpenBSD: obj_lib.c,v 1.19 2023/08/17 09:13:01 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -124,11 +124,12 @@ LCRYPTO_ALIAS(OBJ_dup); int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b) { - int ret; + int cmp; - ret = (a->length - b->length); - if (ret) - return (ret); - return (memcmp(a->data, b->data, a->length)); + if ((cmp = a->length - b->length) != 0) + return cmp; + if (a->length == 0) + return 0; + return memcmp(a->data, b->data, a->length); } LCRYPTO_ALIAS(OBJ_cmp);