krb5 commit: Avoid undefined memcpy in asn1_encode.c

Wed Jul 16 12:22:14 EDT 2025

https://github.com/krb5/krb5/commit/4b4a720cacec8827c9b3f65b4920ac1b0075f38e
commit 4b4a720cacec8827c9b3f65b4920ac1b0075f38e
Author: Greg Hudson <ghudson at mit.edu>
Date:   Wed Jun 11 14:08:31 2025 -0400

    Avoid undefined memcpy in asn1_encode.c
    
    The C standard specifies that passing null pointers to most standard
    library functions results in undefined behavior (C99 7.1.4).  This
    applies to memcpy() even when the length is 0.  insert_bytes() in
    asn1_encode.c may be called with a null pointer from an empty
    krb5_data or other counted value in a structure to be encoded.  Do not
    call memcpy() in this case.
    
    Reported by Kirill Furman.
    
    ticket: 9175

 src/lib/krb5/asn.1/asn1_encode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/krb5/asn.1/asn1_encode.c b/src/lib/krb5/asn.1/asn1_encode.c
index c4140021e..651d213c4 100644
--- a/src/lib/krb5/asn.1/asn1_encode.c
+++ b/src/lib/krb5/asn.1/asn1_encode.c
@@ -49,7 +49,7 @@ insert_byte(asn1buf *buf, uint8_t o)
 static inline void
 insert_bytes(asn1buf *buf, const void *bytes, size_t len)
 {
-    if (buf->ptr != NULL) {
+    if (buf->ptr != NULL && len > 0) {
         memcpy(buf->ptr - len, bytes, len);
         buf->ptr -= len;
     }
