From: Matt Caswell Date: Fri, 3 Mar 2017 08:56:25 +0000 (+0000) Subject: Ensure we don't call memcpy with a NULL pointer X-Git-Tag: OpenSSL_1_1_1-pre1~2116 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d08086645f72ab890c6ef996bb513076752431f0;p=oweals%2Fopenssl.git Ensure we don't call memcpy with a NULL pointer Commit d5aa14dd simplified the bn_expand_internal() and BN_copy() functions. Unfortunately it also removed some checks which are still required, otherwise we call memcpy passing in NULL which is not allowed. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/2836) --- diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index e61c8706ec..99179232f4 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -267,7 +267,8 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) } assert(b->top <= words); - memcpy(a, b->d, sizeof(*a) * b->top); + if (b->top > 0) + memcpy(a, b->d, sizeof(*a) * b->top); return a; } @@ -328,7 +329,8 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) if (bn_wexpand(a, b->top) == NULL) return NULL; - memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); + if (b->top > 0) + memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); a->top = b->top; a->neg = b->neg;