From 3220613cafb6fdac5a5fb2b987e119782dfae0a5 Mon Sep 17 00:00:00 2001 From: tb Date: Tue, 15 Aug 2023 11:20:57 +0000 Subject: [PATCH] Avoid memcmp() with NULL pointer and 0 length --- regress/lib/libssl/ssl/ssltest.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/regress/lib/libssl/ssl/ssltest.c b/regress/lib/libssl/ssl/ssltest.c index f50824d242d..f95ea44a91a 100644 --- a/regress/lib/libssl/ssl/ssltest.c +++ b/regress/lib/libssl/ssl/ssltest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssltest.c,v 1.42 2023/07/27 07:08:09 tb Exp $ */ +/* $OpenBSD: ssltest.c,v 1.43 2023/08/15 11:20:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -281,8 +281,8 @@ verify_alpn(SSL *client, SSL *server) free(alpn_selected); alpn_selected = NULL; - if (client_proto_len != server_proto_len || - memcmp(client_proto, server_proto, client_proto_len) != 0) { + if (client_proto_len != server_proto_len || (client_proto_len > 0 && + memcmp(client_proto, server_proto, client_proto_len) != 0)) { BIO_printf(bio_stdout, "ALPN selected protocols differ!\n"); goto err; } -- 2.20.1