Don't call memcpy with NULL pointer in mbedtls_mpi_read_binary()
mbedtls_mpi_read_binary() calls memcpy() with the source pointer being the source pointer passed to mbedtls_mpi_read_binary(), the latter may be NULL if the buffer length is 0 (and this happens e.g. in the ECJPAKE test suite). The behavior of memcpy(), in contrast, is undefined when called with NULL source buffer, even if the length of the copy operation is 0. This commit fixes this by explicitly checking that the source pointer is not NULL before calling memcpy(), and skipping the call otherwise.
This commit is contained in:
parent
9f6d16ad79
commit
0e810b9648
@ -823,10 +823,15 @@ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t bu
|
||||
}
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
|
||||
|
||||
Xp = (unsigned char*) X->p;
|
||||
memcpy( Xp + overhead, buf, buflen );
|
||||
/* Avoid calling `memcpy` with NULL source argument,
|
||||
* even if buflen is 0. */
|
||||
if( buf != NULL )
|
||||
{
|
||||
Xp = (unsigned char*) X->p;
|
||||
memcpy( Xp + overhead, buf, buflen );
|
||||
|
||||
mpi_bigendian_to_host( X->p, limbs );
|
||||
mpi_bigendian_to_host( X->p, limbs );
|
||||
}
|
||||
|
||||
cleanup:
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user