Make |BUF_memdup| look for zero length, not NULL.

BUF_memdup tries to avoid mallocing zero bytes (and thus unduly
returning an error for a NULL return value) by testing whether the input
buffer is NULL. This goes back to the original OpenSSL code.

However, when |ext_npn_parse_serverhello| tries to use |BUF_memdup| to
copy an NPN value returned by a callback, some callbacks just set the
output /length/ to zero to indicate an empty value. Thus, when
|BUF_memdup| tests the pointer, it's an uninitialised value and MSan
throws an error.

Since passing a NULL pointer to |BUF_memdup| better imply that the
length is zero, while the reverse empirically isn't true, testing the
length seems safer.

Change-Id: I06626f7dfb761de631fd997bda60057b76b8da94
diff --git a/crypto/buf/buf.c b/crypto/buf/buf.c
index 13b5ceb..b918f01 100644
--- a/crypto/buf/buf.c
+++ b/crypto/buf/buf.c
@@ -220,7 +220,7 @@
void *BUF_memdup(const void *data, size_t dst_size) {
void *ret;
- if (data == NULL) {
+ if (dst_size == 0) {
return NULL;
}
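Review bot: With the test in BUF_memdup switched to `dst_size == 0`, nothing in this hunk rejects a NULL `data` paired with a non-zero `dst_size` any more, and the commit message only assumes that combination never occurs. Consider stating the precondition in a comment above the function, or asserting `data != NULL` after the length check, where the pointer is only read once the length is known to be non-zero. It would also be worth documenting that a NULL return for a zero length is not an allocation failure, since callers cannot tell the two cases apart from the return value alone.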