From a7032da6bbe875596ea1cb348a747123cda7d408 Mon Sep 17 00:00:00 2001
From: Dimitri Staessens
Date: Mon, 7 Mar 2022 18:15:58 +0100
Subject: ipcpd: Fix memcpy with NULL in piggyback API

If there is no piggyback data, memcpy was passed a NULL pointer in memcpy(buf, NULL, 0) calls, which is undefined behaviour.

Signed-off-by: Dimitri Staessens
Signed-off-by: Sander Vrijders
---
 src/ipcpd/udp/main.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'src/ipcpd/udp/main.c')
diff --git a/src/ipcpd/udp/main.c b/src/ipcpd/udp/main.c
index 3b354ceb..7def856b 100644
--- a/src/ipcpd/udp/main.c
+++ b/src/ipcpd/udp/main.c
@@ -222,7 +222,8 @@ static int ipcp_udp_port_alloc(const struct sockaddr_in * r_saddr,
 msg->timeout = hton32(qs.timeout);
 memcpy(msg + 1, dst, ipcp_dir_hash_len());
- memcpy(buf + len, data, dlen);
+ if (dlen > 0)
+ memcpy(buf + len, data, dlen);
 if (sendto(udp_data.s_fd, msg, len + dlen, SENDTO_FLAGS,
@@ -255,7 +256,8 @@ static int ipcp_udp_port_alloc_resp(const struct sockaddr_in * r_saddr,
 msg->d_eid = hton32(d_eid);
 msg->response = response;
- memcpy(msg + 1, data, len);
+ if (len > 0)
+ memcpy(msg + 1, data, len);
 if (sendto(udp_data.s_fd, msg, sizeof(*msg) + len, SENDTO_FLAGS,
--
cgit v1.2.3
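Review bot: The new guards in ipcp_udp_port_alloc (`if (dlen > 0)`) and ipcp_udp_port_alloc_resp (`if (len > 0)`) test only the length, so a caller that passes `data == NULL` with a non-zero length still reaches memcpy with a NULL source. Neither hunk shows that pointer/length contract being checked, and both function bodies start and end outside the hunks, so it may already be enforced earlier. If it is not, fold it into the guard, e.g. `if (data != NULL && dlen > 0)` in the first hunk and `if (data != NULL && len > 0)` in the second. A short comment above each guard, such as `/* memcpy with a NULL source is UB even for length 0 */`, would keep the check from being removed later as redundant.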