From 1548d82560b242579f5ba216b66bd59ccd0f3fd0 Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@thewalter.net>
Date: Wed, 17 Jul 2013 18:55:38 +0200
Subject: Don't call memdup with zero length or NULL pointer

https://bugzilla.redhat.com/show_bug.cgi?id=985433
---
 common/attrs.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'common')

diff --git a/common/attrs.c b/common/attrs.c
index b06a342..9f3e522 100644
--- a/common/attrs.c
+++ b/common/attrs.c
@@ -143,8 +143,13 @@ attrs_build (CK_ATTRIBUTE *attrs,
 		}
 
 		memcpy (attr, add, sizeof (CK_ATTRIBUTE));
-		if (!take_values)
-			attr->pValue = memdup (attr->pValue, attr->ulValueLen);
+		if (!take_values && attr->pValue != NULL) {
+			if (attr->ulValueLen == 0)
+				attr->pValue = malloc (1);
+			else
+				attr->pValue = memdup (attr->pValue, attr->ulValueLen);
+			return_val_if_fail (attr->pValue != NULL, NULL);
+		}
 	}
 
 	/* Mark this as the end */
-- 
cgit v1.1