Ensure we don't call memcpy with a NULL pointer Commit d5aa14dd simplified the bn_expand_internal() and BN_copy() functions. Unfortunately it also removed some checks which are still required, otherwise we call memcpy passing in NULL which is not allowed. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2836)

commit: d08086645f72ab890c6ef996bb513076752431f0 [log] [tgz]
author: Matt Caswell <matt@openssl.org> Fri Mar 03 08:56:25 2017 +0000
committer: Matt Caswell <matt@openssl.org> Fri Mar 03 23:49:24 2017 +0000
tree: bf9be561e79ad2c673dac87ba874ff81bc17bfb4
parent: 8336ca13b1be5358621da075eac7a0ab5dc2bd10 [diff]
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index e61c870..9917923 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c

@@ -267,7 +267,8 @@
     }
 
     assert(b->top <= words);
-    memcpy(a, b->d, sizeof(*a) * b->top);
+    if (b->top > 0)
+        memcpy(a, b->d, sizeof(*a) * b->top);
 
     return a;
 }
@@ -328,7 +329,8 @@
     if (bn_wexpand(a, b->top) == NULL)
         return NULL;
 
-    memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
+    if (b->top > 0)
+        memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
 
     a->top = b->top;
     a->neg = b->neg;
commit	d08086645f72ab890c6ef996bb513076752431f0	[log] [tgz]
author	Matt Caswell <matt@openssl.org>	Fri Mar 03 08:56:25 2017 +0000
committer	Matt Caswell <matt@openssl.org>	Fri Mar 03 23:49:24 2017 +0000
tree	bf9be561e79ad2c673dac87ba874ff81bc17bfb4
parent	8336ca13b1be5358621da075eac7a0ab5dc2bd10 [diff]