aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/ffi
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2018-09-28 12:27:48 -0400
committerJack Lloyd <[email protected]>2018-09-28 12:27:48 -0400
commitd213317da6065e3c1a149fac33fd16db500b60f6 (patch)
tree6d0347857a3f720648c867554abff72163de53cb /src/lib/ffi
parentb9fa8833edf13f0535aa57b53528992198f639fe (diff)
Avoid null pointer write in FFI
If a function returning variable length output was called with a null output buffer but a non-zero output buffer length, FFI layer would call memset(nullptr, 0, buffer_len) and crash. Caught by Coverity.
Diffstat (limited to 'src/lib/ffi')
-rw-r--r--src/lib/ffi/ffi_util.h5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/ffi/ffi_util.h b/src/lib/ffi/ffi_util.h
index 684b25870..f72af0a63 100644
--- a/src/lib/ffi/ffi_util.h
+++ b/src/lib/ffi/ffi_util.h
@@ -128,7 +128,10 @@ inline int write_output(uint8_t out[], size_t* out_len, const uint8_t buf[], siz
}
else
{
- Botan::clear_mem(out, avail);
+ if(out != nullptr)
+ {
+ Botan::clear_mem(out, avail);
+ }
return BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE;
}
}