[31445] in CVS-changelog-for-Kerberos-V5
krb5 commit: Avoid undefined memcpy in asn1_encode.c
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Wed Jul 16 12:22:19 2025
From: ghudson@mit.edu
To: cvs-krb5@mit.edu
Message-Id: <20250716162214.38C90101BE2@krbdev.mit.edu>
Date: Wed, 16 Jul 2025 12:22:14 -0400 (EDT)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/4b4a720cacec8827c9b3f65b4920ac1b0075f38e
commit 4b4a720cacec8827c9b3f65b4920ac1b0075f38e
Author: Greg Hudson <ghudson@mit.edu>
Date: Wed Jun 11 14:08:31 2025 -0400
Avoid undefined memcpy in asn1_encode.c
The C standard specifies that passing null pointers to most standard
library functions results in undefined behavior (C99 7.1.4). This
applies to memcpy() even when the length is 0. insert_bytes() in
asn1_encode.c may be called with a null pointer from an empty
krb5_data or other counted value in a structure to be encoded. Do not
call memcpy() in this case.
Reported by Kirill Furman.
ticket: 9175
src/lib/krb5/asn.1/asn1_encode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib/krb5/asn.1/asn1_encode.c b/src/lib/krb5/asn.1/asn1_encode.c
index c4140021e..651d213c4 100644
--- a/src/lib/krb5/asn.1/asn1_encode.c
+++ b/src/lib/krb5/asn.1/asn1_encode.c
@@ -49,7 +49,7 @@ insert_byte(asn1buf *buf, uint8_t o)
static inline void
insert_bytes(asn1buf *buf, const void *bytes, size_t len)
{
- if (buf->ptr != NULL) {
+ if (buf->ptr != NULL && len > 0) {
memcpy(buf->ptr - len, bytes, len);
buf->ptr -= len;
}
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
