From 01238aec4071eabf072f4e98e3fb84cbab3c7107 Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Sun, 19 Jun 2016 14:16:16 +0200 Subject: [PATCH] buf2hexstr: properly deal with empty string It wrote before the start of the string found by afl Reviewed-by: Richard Levitte MR: #2994 --- crypto/o_str.c | 7 ++++++- doc/crypto/OPENSSL_malloc.pod | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/crypto/o_str.c b/crypto/o_str.c index 29c324f474..beabec0ddc 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c @@ -198,7 +198,12 @@ char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len) const unsigned char *p; int i; - if ((tmp = OPENSSL_malloc(len * 3 + 1)) == NULL) { + if (len == 0) + { + return OPENSSL_zalloc(1); + } + + if ((tmp = OPENSSL_malloc(len * 3)) == NULL) { CRYPTOerr(CRYPTO_F_OPENSSL_BUF2HEXSTR, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/doc/crypto/OPENSSL_malloc.pod b/doc/crypto/OPENSSL_malloc.pod index ba50221f1c..5d254f7b90 100644 --- a/doc/crypto/OPENSSL_malloc.pod +++ b/doc/crypto/OPENSSL_malloc.pod @@ -124,7 +124,7 @@ An odd number of hex digits is an error. OPENSSL_buf2hexstr() takes the specified buffer and length, and returns a hex string for value, or NULL on error. -B cannot be NULL; if B is NULL an empty string is returned. +B cannot be NULL; if B is 0 an empty string is returned. OPENSSL_hexchar2int() converts a character to the hexadecimal equivalent, or returns -1 on error. -- 2.25.1