Fix silent failure in ASYNC_start_job when size is 0

When ASYNC_start_job is called with args != NULL but size == 0,
OPENSSL_malloc(0) is called. Depending on the libc implementation,
malloc(0) may return NULL, causing a silent failure.

This patch modifies the logic to skip allocation if size is 0.

CLA: trivial

Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29377)

(cherry picked from commit 5cbbced70dd7dd37b6b11dc6e5b7ca78d4d2e436)

diff --git a/crypto/async/async.c b/crypto/async/async.c
index d252cd5b0e94302772249b6075bbcd83be5e91fe..0e5dec3c4c3b73a1e03fb151f5e593395e9101f6 100644 (file)
--- a/crypto/async/async.c
+++ b/crypto/async/async.c
@@ -255,7 +255,8 @@ int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret,
         if ((ctx->currjob = async_get_pool_job()) == NULL)
             return ASYNC_NO_JOBS;
 
-        if (args != NULL) {
+        /* Check for size > 0 to avoid malloc(0) */
+        if (args != NULL && size > 0) {
             ctx->currjob->funcargs = OPENSSL_malloc(size);
             if (ctx->currjob->funcargs == NULL) {
                 ERR_raise(ERR_LIB_ASYNC, ERR_R_MALLOC_FAILURE);