From 38940dfd04fe962674726534b4e88593400cfc1c Mon Sep 17 00:00:00 2001 From: djm Date: Mon, 12 Jan 2015 15:18:07 +0000 Subject: [PATCH] apparently memcpy(x, NULL, 0) is undefined behaviour according to C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls when length==0; ok markus@ --- usr.bin/ssh/sshbuf-getput-basic.c | 19 ++++++++++++------- usr.bin/ssh/sshbuf-getput-crypto.c | 5 +++-- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/usr.bin/ssh/sshbuf-getput-basic.c b/usr.bin/ssh/sshbuf-getput-basic.c index 8c9e9c5175a..bc2e2f9eb7b 100644 --- a/usr.bin/ssh/sshbuf-getput-basic.c +++ b/usr.bin/ssh/sshbuf-getput-basic.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-basic.c,v 1.2 2014/12/04 01:49:59 djm Exp $ */ +/* $OpenBSD: sshbuf-getput-basic.c,v 1.3 2015/01/12 15:18:07 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -32,7 +32,7 @@ sshbuf_get(struct sshbuf *buf, void *v, size_t len) if ((r = sshbuf_consume(buf, len)) < 0) return r; - if (v != NULL) + if (v != NULL && len != 0) memcpy(v, p, len); return 0; } @@ -107,7 +107,8 @@ sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp) SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); return SSH_ERR_ALLOC_FAIL; } - memcpy(*valp, val, len); + if (len != 0) + memcpy(*valp, val, len); (*valp)[len] = '\0'; } if (lenp != NULL) @@ -198,7 +199,8 @@ sshbuf_get_cstring(struct sshbuf *buf, char **valp, size_t *lenp) SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); return SSH_ERR_ALLOC_FAIL; } - memcpy(*valp, p, len); + if (len != 0) + memcpy(*valp, p, len); (*valp)[len] = '\0'; } if (lenp != NULL) @@ -234,7 +236,8 @@ sshbuf_put(struct sshbuf *buf, const void *v, size_t len) if ((r = sshbuf_reserve(buf, len, &p)) < 0) return r; - memcpy(p, v, len); + if (len != 0) + memcpy(p, v, len); return 0; } @@ -350,7 +353,8 @@ sshbuf_put_string(struct sshbuf *buf, const void *v, size_t len) if ((r = sshbuf_reserve(buf, len + 4, &d)) < 0) return r; POKE_U32(d, len); - memcpy(d + 4, v, len); + if (len != 0) + memcpy(d + 4, v, len); return 0; } @@ -414,6 +418,7 @@ sshbuf_put_bignum2_bytes(struct sshbuf *buf, const void *v, size_t len) POKE_U32(d, len + prepend); if (prepend) d[4] = 0; - memcpy(d + 4 + prepend, s, len); + if (len != 0) + memcpy(d + 4 + prepend, s, len); return 0; } diff --git a/usr.bin/ssh/sshbuf-getput-crypto.c b/usr.bin/ssh/sshbuf-getput-crypto.c index 79951afda17..f086cae06eb 100644 --- a/usr.bin/ssh/sshbuf-getput-crypto.c +++ b/usr.bin/ssh/sshbuf-getput-crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-crypto.c,v 1.2 2014/06/18 15:42:09 naddy Exp $ */ +/* $OpenBSD: sshbuf-getput-crypto.c,v 1.3 2015/01/12 15:18:07 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -189,7 +189,8 @@ sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v) return r; } POKE_U16(dp, len_bits); - memcpy(dp + 2, d, len_bytes); + if (len_bytes != 0) + memcpy(dp + 2, d, len_bytes); bzero(d, sizeof(d)); return 0; } -- 2.20.1