Fix silent failure in ASYNC_start_job when size is 0

When ASYNC_start_job is called with args != NULL but size == 0,
OPENSSL_malloc(0) is called. Depending on the libc implementation,
malloc(0) may return NULL, causing a silent failure.

This patch modifies the logic to skip allocation if size is 0.

CLA: trivial

Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29377)

(cherry picked from commit 5cbbced70dd7dd37b6b11dc6e5b7ca78d4d2e436)

diff --git a/crypto/async/async.c b/crypto/async/async.c
index 0b8e72306e888cebb95e53b0c0db4bb473d56bee..dfd7a14a0b2653cb02695f6aa9a9273f8314169c 100644 (file)
--- a/crypto/async/async.c
+++ b/crypto/async/async.c
@@ -251,7 +251,8 @@ int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret,
         if ((ctx->currjob = async_get_pool_job()) == NULL)
             return ASYNC_NO_JOBS;
 
-        if (args != NULL) {
+        /* Check for size > 0 to avoid malloc(0) */
+        if (args != NULL && size > 0) {
             ctx->currjob->funcargs = OPENSSL_malloc(size);
             if (ctx->currjob->funcargs == NULL) {
                 async_release_job(ctx->currjob);