From ac3c20013cba08babf891fa6616d25cdf7df5c7c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 27 Apr 2021 19:10:18 +0100 Subject: [PATCH] Prevent unsafe memcpy Some tests cause a zero length input or output, which can mean the allocated test output buffers can be zero length. Protect against calling memcpy blindly in these situations. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 45 ++++++++++++++++----- 1 file changed, 36 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 991b10a8a9..a7ba675257 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3292,7 +3292,10 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, part_length, part_data, part_data_size, &output_part_length ) ); - memcpy( ( output_data + part_offset ), part_data, output_part_length ); + if( output_data && output_part_length ) + { + memcpy( ( output_data + part_offset ), part_data, output_part_length ); + } part_offset += part_length; output_length += output_part_length; @@ -3312,13 +3315,19 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, tag_buffer, tag_length, &tag_size ) ); - memcpy( ( output_data + output_length ), final_data, output_part_length ); + if( output_data && output_part_length ) + { + memcpy( ( output_data + output_length ), final_data, output_part_length ); + } TEST_EQUAL(tag_length, tag_size); output_length += output_part_length; - memcpy( ( output_data + output_length ), tag_buffer, tag_length ); + if( output_data && tag_length ) + { + memcpy( ( output_data + output_length ), tag_buffer, tag_length ); + } output_length += tag_length; @@ -3516,7 +3525,10 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, goto exit; } - memcpy( ( output_data + part_offset ), part_data, output_part_length ); + if( output_data && output_part_length ) + { + memcpy( ( output_data + part_offset ), part_data, output_part_length ); + } part_offset += part_length; output_length += output_part_length; @@ -3547,7 +3559,10 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, goto exit; } - memcpy( ( output_data + output_length ), final_data, output_part_length ); + if( output_data &&output_part_length ) + { + memcpy( ( output_data + output_length ), final_data, output_part_length ); + } output_length += output_part_length; @@ -3666,7 +3681,10 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, part_length, part_data, part_data_size, &output_part_length ) ); - memcpy( ( output_data2 + part_offset ), part_data, output_part_length ); + if( output_data2 && output_part_length ) + { + memcpy( ( output_data2 + part_offset ), part_data, output_part_length ); + } part_offset += part_length; output_length2 += output_part_length; @@ -3684,7 +3702,10 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, &output_part_length, tag_buffer, tag_length ) ); - memcpy( ( output_data2 + output_length2 ), final_data, output_part_length); + if( output_data2 && output_part_length ) + { + memcpy( ( output_data2 + output_length2 ), final_data, output_part_length); + } output_length2 += output_part_length; @@ -3872,7 +3893,10 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, goto exit; } - memcpy( ( output_data + part_offset ), part_data, output_part_length ); + if( output_data && output_part_length ) + { + memcpy( ( output_data + part_offset ), part_data, output_part_length ); + } part_offset += part_length; output_length += output_part_length; @@ -3903,7 +3927,10 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, goto exit; } - memcpy( ( output_data + output_length ), final_data, output_part_length ); + if( output_data && output_part_length ) + { + memcpy( ( output_data + output_length ), final_data, output_part_length ); + } output_length += output_part_length;