From dd215e40f1f1c499359fb09e9cfd856b125413e2 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Mon, 29 Feb 2016 10:39:17 +0100
Subject: coding: Fixes to prevent undefined behavior (found with libubsan)

---
 lib/coding.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/coding.c b/lib/coding.c
index b23ca16..78615a1 100644
--- a/lib/coding.c
+++ b/lib/coding.c
@@ -443,7 +443,9 @@ asn1_bit_der (const unsigned char *str, int bit_len,
     len_byte++;
   asn1_length_der (len_byte + 1, der, &len_len);
   der[len_len] = len_pad;
-  memcpy (der + len_len + 1, str, len_byte);
+
+  if (str)
+    memcpy (der + len_len + 1, str, len_byte);
   der[len_len + len_byte] &= bit_mask[len_pad];
   *der_len = len_byte + len_len + 1;
 }
@@ -628,7 +630,7 @@ _asn1_insert_tag_der (asn1_node node, unsigned char *der, int *counter,
 				   tag_der, &tag_len);
 
 		  *max_len -= tag_len;
-		  if (*max_len >= 0)
+		  if (der && *max_len >= 0)
 		    memcpy (der + *counter, tag_der, tag_len);
 		  *counter += tag_len;
 
@@ -680,7 +682,7 @@ _asn1_insert_tag_der (asn1_node node, unsigned char *der, int *counter,
     }
 
   *max_len -= tag_len;
-  if (*max_len >= 0)
+  if (der && *max_len >= 0)
     memcpy (der + *counter, tag_der, tag_len);
   *counter += tag_len;
 
-- 
cgit v1.2.1