Fix silent failure in ASYNC_start_job when size is 0

When ASYNC_start_job is called with args != NULL but size == 0,
OPENSSL_malloc(0) is called. Depending on the libc implementation,
malloc(0) may return NULL, causing a silent failure.

This patch modifies the logic to skip allocation if size is 0.

CLA: trivial

Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29377)

diff --git a/crypto/async/async.c b/crypto/async/async.c
index ff55ef77bac0a8530374baa8a3dad60c67dd2566..4585390342860f6dfe0f6120948d8c8ac7547070 100644 (file)
--- a/crypto/async/async.c
+++ b/crypto/async/async.c
@@ -255,7 +255,8 @@ int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret,
         if ((ctx->currjob = async_get_pool_job()) == NULL)
             return ASYNC_NO_JOBS;
 
-        if (args != NULL) {
+        /* Check for size > 0 to avoid malloc(0) */
+        if (args != NULL && size > 0) {
             ctx->currjob->funcargs = OPENSSL_malloc(size);
             if (ctx->currjob->funcargs == NULL) {
                 async_release_job(ctx->currjob);