Commit 01238aec authored by Kurt Roeckx's avatar Kurt Roeckx
Browse files

buf2hexstr: properly deal with empty string 



It wrote before the start of the string

found by afl

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>

MR: #2994
parent 28bd8e94

crypto/o_str.c

+6 −1
Original line number Diff line number Diff line
@@ -198,7 +198,12 @@ char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len) 
    const unsigned char *p;

    int i;



    if ((tmp = OPENSSL_malloc(len * 3 + 1)) == NULL) {

    if (len == 0)

    {

        return OPENSSL_zalloc(1);

    }



    if ((tmp = OPENSSL_malloc(len * 3)) == NULL) {

        CRYPTOerr(CRYPTO_F_OPENSSL_BUF2HEXSTR, ERR_R_MALLOC_FAILURE);

        return NULL;

    }

doc/crypto/OPENSSL_malloc.pod

+1 −1
Original line number Diff line number Diff line
@@ -124,7 +124,7 @@ An odd number of hex digits is an error. 


OPENSSL_buf2hexstr() takes the specified buffer and length, and returns

a hex string for value, or NULL on error.

B<Buffer> cannot be NULL; if B<len> is NULL an empty string is returned.

B<Buffer> cannot be NULL; if B<len> is 0 an empty string is returned.



OPENSSL_hexchar2int() converts a character to the hexadecimal equivalent,

or returns -1 on error.