From: Bob Beck <beck@openssl.org>
Date: Thu, 30 Apr 2026 19:41:32 +0000 (-0600)
Subject: Guard memcmp for ub in X509_vpm.c
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=83ef843d92ef8ffc953aca4d450e9fc586c470e9;p=thirdparty%2Fopenssl.git

Guard memcmp for ub in X509_vpm.c

Techincally unnecessary, since this thing won't let you add NULL
data to it, but this is harmless and then obviously following
the correct paradigm.

Reviewed-by: Matt Caswell <matt@openssl.foundation>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Sat May  2 18:05:04 2026
(Merged from https://github.com/openssl/openssl/pull/31049)
---

diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index aa606f63202..bc2eb2cce13 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -110,6 +110,8 @@ static int buffer_cmp(const X509_BUFFER *const *a, const X509_BUFFER *const *b)
         return -1;
     if ((*a)->len > (*b)->len)
         return 1;
+    if ((*b)->len == 0)
+        return 0;
     return memcmp((*a)->data, (*b)->data, (*b)->len);
 }