From 31124ffb81e8c0935403a9fdc169dead5ecaa777 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 8 Apr 2013 15:32:31 -0400 Subject: Avoid passing null pointers to memcpy/memcmp By a strict reading of the C standard, memcpy and memcmp have undefined behavior if their pointer arguments aren't valid object pointers, even if the length argument is 0. Compilers are becoming more aggressive about breaking code with undefined behavior, so we should try to avoid it when possible. In a krb5_data object, we frequently use NULL as the data value when the length is 0. Accordingly, we should avoid copying from or comparing the data field of a length-0 krb5_data object. Add checks to our wrapper functions (like data_eq and k5_memdup) and to code which works with possibly-empty krb5_data objects. In a few places, use wrapper functions to simplify the code rather than adding checks. --- src/plugins/preauth/securid_sam2/securid2.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/plugins') diff --git a/src/plugins/preauth/securid_sam2/securid2.c b/src/plugins/preauth/securid_sam2/securid2.c index 57d4e37d2..e3c8c7dae 100644 --- a/src/plugins/preauth/securid_sam2/securid2.c +++ b/src/plugins/preauth/securid_sam2/securid2.c @@ -378,7 +378,8 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, esre2->sam_sad.length, user); goto cleanup; } - memcpy(passcode, esre2->sam_sad.data, esre2->sam_sad.length); + if (esre2->sam_sad.length > 0) + memcpy(passcode, esre2->sam_sad.data, esre2->sam_sad.length); securid_user = strdup(user); if (!securid_user) { -- cgit