diff options
author | Jack Lloyd <[email protected]> | 2018-09-28 12:27:48 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-09-28 12:27:48 -0400 |
commit | d213317da6065e3c1a149fac33fd16db500b60f6 (patch) | |
tree | 6d0347857a3f720648c867554abff72163de53cb /src/lib/ffi | |
parent | b9fa8833edf13f0535aa57b53528992198f639fe (diff) |
Avoid null pointer write in FFI
If a function returning variable length output was called with a
null output buffer but a non-zero output buffer length, FFI layer
would call memset(nullptr, 0, buffer_len) and crash.
Caught by Coverity.
Diffstat (limited to 'src/lib/ffi')
-rw-r--r-- | src/lib/ffi/ffi_util.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/ffi/ffi_util.h b/src/lib/ffi/ffi_util.h index 684b25870..f72af0a63 100644 --- a/src/lib/ffi/ffi_util.h +++ b/src/lib/ffi/ffi_util.h @@ -128,7 +128,10 @@ inline int write_output(uint8_t out[], size_t* out_len, const uint8_t buf[], siz } else { - Botan::clear_mem(out, avail); + if(out != nullptr) + { + Botan::clear_mem(out, avail); + } return BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE; } } |