diff --git a/ChangeLog b/ChangeLog
index c4203930d3..7e7374bd52 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,8 @@ Features
 errors on use of deprecated functions.
 
 Bugfix
+ * Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules
+ (detected by Clang's 3.6 UBSan).
 * mpi_size() and mpi_msb() would segfault when called on an mpi that is
 initialized but not set (found by pravic).
 * Fix detection of support for getrandom() on Linux (reported by syzzer) by
diff --git a/library/x509_crl.c b/library/x509_crl.c
index e2076a6611..de2079fc7b 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -462,7 +462,8 @@ int x509_crl_parse_der( x509_crl *chain,
 if( crl->sig_oid1.len != crl->sig_oid2.len ||
 memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 ||
 sig_params1.len != sig_params2.len ||
- memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
+ ( sig_params1.len != 0 &&
+ memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
 {
 x509_crl_free( crl );
 return( POLARSSL_ERR_X509_SIG_MISMATCH );
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 4e4d806a9c..fe9e552d29 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -760,7 +760,8 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
 if( crt->sig_oid1.len != crt->sig_oid2.len ||
 memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 ||
 sig_params1.len != sig_params2.len ||
- memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
+ ( sig_params1.len != 0 &&
+ memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
 {
 x509_crt_free( crt );
 return( POLARSSL_ERR_X509_SIG_MISMATCH );
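Review bot: The new `sig_params1.len != 0 &&` guard in the x509_crl_parse_der hunk (library/x509_crl.c), and the identical one in x509_crt_parse_der_core (library/x509_crt.c), carries no comment saying why it is there, so a later cleanup could fold it back into a bare memcmp and reintroduce the undefined behaviour in this signature-algorithm consistency check. I would put `/* params may be absent (p == NULL, len == 0); memcmp() on NULL is undefined even for length 0 */` directly above it in both files. The `memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len )` two lines earlier (and its `crt->` twin) keeps the unguarded form; that is fine only if the OID pointers are always non-NULL after parsing, which these hunks do not show, so it is worth confirming or guarding the same way. Both function bodies start and end outside the hunks.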