From cf2dfd4b312dc417f69d064488fe8da65bfbef8a Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Mon, 11 Nov 2024 11:08:45 -0500
Subject: [PATCH] check for zero-length strings and octets

---
 src/lib/util/cbor.c                    |  9 +++++----
 src/tests/unit/protocols/cbor/base.txt | 17 ++++++++++++++++-
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/src/lib/util/cbor.c b/src/lib/util/cbor.c
index ab43f082d0f..8337915d046 100644
--- a/src/lib/util/cbor.c
+++ b/src/lib/util/cbor.c
@@ -125,7 +125,8 @@ static ssize_t cbor_encode_octets(fr_dbuff_t *dbuff, uint8_t const *data, size_t
 	slen = cbor_encode_integer(&work_dbuff, CBOR_OCTETS, data_len);
 	if (slen <= 0) return slen;
 
-	FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, data, data_len);
+	if (data_len > 0) FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, data, data_len);
+
 	return fr_dbuff_set(dbuff, &work_dbuff);
 }
 
@@ -224,7 +225,7 @@ ssize_t fr_cbor_encode_value_box(fr_dbuff_t *dbuff, fr_value_box_t *vb)
 		slen = cbor_encode_integer(&work_dbuff, CBOR_STRING, vb->vb_length);
 		if (slen <= 0) return slen;
 
-		FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, vb->vb_strvalue, vb->vb_length);
+		if (vb->vb_length) FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, vb->vb_strvalue, vb->vb_length);
 		break;
 
 		/*
@@ -835,7 +836,7 @@ ssize_t fr_cbor_decode_value_box(TALLOC_CTX *ctx, fr_value_box_t *vb, fr_dbuff_t
 			return -1;
 		}
 		talloc_set_type(ptr, char);
-		FR_DBUFF_OUT_MEMCPY_RETURN(ptr, &work_dbuff, value);
+		if (value) FR_DBUFF_OUT_MEMCPY_RETURN(ptr, &work_dbuff, value);
 		ptr[value] = '\0';
 
 		if (type == FR_TYPE_NULL) fr_value_box_init(vb, FR_TYPE_STRING, enumv, tainted);
@@ -871,7 +872,7 @@ ssize_t fr_cbor_decode_value_box(TALLOC_CTX *ctx, fr_value_box_t *vb, fr_dbuff_t
 		if (type == FR_TYPE_NULL) fr_value_box_init(vb, FR_TYPE_OCTETS, enumv, tainted);
 		fr_value_box_memdup_shallow(vb, NULL, (uint8_t const *) ptr, value, false); /* tainted? */
 
-		FR_DBUFF_OUT_MEMCPY_RETURN(ptr, &work_dbuff, value);
+		if (value) FR_DBUFF_OUT_MEMCPY_RETURN(ptr, &work_dbuff, value);
 		break;
 
 	case CBOR_INTEGER:
diff --git a/src/tests/unit/protocols/cbor/base.txt b/src/tests/unit/protocols/cbor/base.txt
index 457798b72ba..2dd82d433b6 100644
--- a/src/tests/unit/protocols/cbor/base.txt
+++ b/src/tests/unit/protocols/cbor/base.txt
@@ -72,5 +72,20 @@ match Vendor-Specific = { Nokia-SR = { raw.255 = 3600.5 } }
 encode-pair Vendor-Specific = { Nokia-SR = { raw.255 = (time_delta) 3600.5 } }
 match 9f a1 18 1a 9f a1 19 19 7f 9f a1 18 ff 66 33 36 30 30 2e 35 ff ff ff
 
+#
+#  Zero-length strings and octets
+#
+encode-pair User-Name = ""
+match 9f a1 01 40 ff
+
+decode-pair -
+match User-Name = ""
+
+encode-pair Class = 0x
+match 9f a1 18 19 60 ff
+
+decode-pair -
+match Class = 0x
+
 count
-match 30
+match 38
-- 
2.47.3