From fdad50ce2ddd27d7bdb64a0d58612e99f16830e5 Mon Sep 17 00:00:00 2001 From: tb Date: Thu, 17 Aug 2023 09:13:01 +0000 Subject: [PATCH] Avoid memcmp(NULL, x, 0) in OBJ_cmp() If a->length is 0, either a->data or b->data could be NULL and memcmp() will rely on undefined behavior to compare them as equal. So avoid this comparison in the first place. ok jsing --- lib/libcrypto/objects/obj_lib.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/lib/libcrypto/objects/obj_lib.c b/lib/libcrypto/objects/obj_lib.c index 83575c16c92..45062dbd4ce 100644 --- a/lib/libcrypto/objects/obj_lib.c +++ b/lib/libcrypto/objects/obj_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: obj_lib.c,v 1.18 2023/07/08 12:27:51 beck Exp $ */ +/* $OpenBSD: obj_lib.c,v 1.19 2023/08/17 09:13:01 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -124,11 +124,12 @@ LCRYPTO_ALIAS(OBJ_dup); int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b) { - int ret; + int cmp; - ret = (a->length - b->length); - if (ret) - return (ret); - return (memcmp(a->data, b->data, a->length)); + if ((cmp = a->length - b->length) != 0) + return cmp; + if (a->length == 0) + return 0; + return memcmp(a->data, b->data, a->length); } LCRYPTO_ALIAS(OBJ_cmp); -- 2.20.1