Don't call memdup with zero length or NULL pointer

https://bugzilla.redhat.com/show_bug.cgi?id=985433

diff --git a/common/attrs.c b/common/attrs.c
index b06a342fc959d44ec5ca0c461aa199aa0701b309..9f3e522a6d8d460388dd3d1c94f33626fbd9a2f3 100644 (file)
--- a/common/attrs.c
+++ b/common/attrs.c
@@ -143,8 +143,13 @@ attrs_build (CK_ATTRIBUTE *attrs,
                }
 
                memcpy (attr, add, sizeof (CK_ATTRIBUTE));
-               if (!take_values)
-                       attr->pValue = memdup (attr->pValue, attr->ulValueLen);
+               if (!take_values && attr->pValue != NULL) {
+                       if (attr->ulValueLen == 0)
+                               attr->pValue = malloc (1);
+                       else
+                               attr->pValue = memdup (attr->pValue, attr->ulValueLen);
+                       return_val_if_fail (attr->pValue != NULL, NULL);
+               }
        }
 
        /* Mark this as the end */

diff --git a/p11-kit/pin.c b/p11-kit/pin.c
index 60571de24bfd8eb1a9f598952b5fe59804e9a74f..2fca6bc46b50a8767616f4b75a23c8bda1573543 100644 (file)
--- a/p11-kit/pin.c
+++ b/p11-kit/pin.c
@@ -357,7 +357,7 @@ p11_kit_pin_request (const char *pin_source,
                        if (callbacks == NULL)
                                callbacks = p11_dict_get (gl.pin_sources, P11_KIT_PIN_FALLBACK);
 
-                       if (callbacks != NULL) {
+                       if (callbacks != NULL && callbacks->num) {
                                snapshot = memdup (callbacks->elem, sizeof (void *) * callbacks->num);
                                snapshot_count = callbacks->num;
                                for (i = 0; snapshot && i < snapshot_count; i++)