Avoid malloc(0) in SPNEGO get_input_token
authorGreg Hudson <ghudson@mit.edu>
Fri, 6 Dec 2013 23:56:56 +0000 (18:56 -0500)
committerTom Yu <tlyu@mit.edu>
Thu, 23 Jan 2014 03:20:56 +0000 (22:20 -0500)
If we read a zero-length token in spnego_mech.c's get_input_token(),
set the value pointer to NULL instead of calling malloc(0).

(cherry picked from commit 13fd26e1863c79f616653f6a10a58c01f65fceff)

ticket: 7841 (new)
version_fixed: 1.10.8
status: resolved

src/lib/gssapi/spnego/spnego_mech.c

index f916e49d0b4bfcb7e4976ab46ff37e15b6534ef8..fe931408f5fda9b2d974002a2808f9542259484e 100644 (file)
@@ -3071,14 +3071,17 @@ get_input_token(unsigned char **buff_in, unsigned int buff_length)
                return (NULL);
 
        input_token->length = len;
-       input_token->value = gssalloc_malloc(input_token->length);
+       if (input_token->length > 0) {
+               input_token->value = gssalloc_malloc(input_token->length);
+               if (input_token->value == NULL) {
+                       free(input_token);
+                       return (NULL);
+               }
 
-       if (input_token->value == NULL) {
-               free(input_token);
-               return (NULL);
+               memcpy(input_token->value, *buff_in, input_token->length);
+       } else {
+               input_token->value = NULL;
        }
-
-       (void) memcpy(input_token->value, *buff_in, input_token->length);
        *buff_in += input_token->length;
        return (input_token);
 }
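Review bot: The `memcpy` of `input_token->length` bytes from `*buff_in` is only safe if `len` was checked against `buff_length`, and that check is not visible here because get_input_token starts above the hunk. Since `len` is presumably parsed from the received token, confirm that the earlier length parse rejects values larger than the remaining input. The new else branch also returns a zero-length token as a non-NULL buffer with `value == NULL`, so callers should test `length` rather than `value` before dereferencing. A short comment on that branch would record the reason, for example `/* malloc(0) may return NULL, which would be mistaken for allocation failure */`.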