Avoid malloc(0) in SPNEGO get_input_token

If we read a zero-length token in spnego_mech.c's get_input_token(),
set the value pointer to NULL instead of calling malloc(0).

ticket: 7794 (new)

diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 24c344066d245bdc08e288adad122daa150f4a4d..393766274b017d86121e7d57cab40ad7c1c621a7 100644 (file)
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -3140,14 +3140,17 @@ get_input_token(unsigned char **buff_in, unsigned int buff_length)
                return (NULL);
 
        input_token->length = len;
-       input_token->value = gssalloc_malloc(input_token->length);
+       if (input_token->length > 0) {
+               input_token->value = gssalloc_malloc(input_token->length);
+               if (input_token->value == NULL) {
+                       free(input_token);
+                       return (NULL);
+               }
 
-       if (input_token->value == NULL) {
-               free(input_token);
-               return (NULL);
+               memcpy(input_token->value, *buff_in, input_token->length);
+       } else {
+               input_token->value = NULL;
        }
-
-       (void) memcpy(input_token->value, *buff_in, input_token->length);
        *buff_in += input_token->length;
        return (input_token);
 }