From 5a83775fd5d5bb0ec8e29b5c4a1339599c158446 Mon Sep 17 00:00:00 2001
From: Wan-Teh Chang <wtc@google.com>
Date: Thu, 28 Mar 2013 13:31:49 -0700
Subject: Bug 853285: Don't call PORT_Memcpy with a NULL source buffer pointer.
 Use a better error code when the input buffer is too short. r=sleevi.

---
 lib/freebl/gcm.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/freebl/gcm.c b/lib/freebl/gcm.c
index a3de54783..a62dd8db3 100644
--- a/lib/freebl/gcm.c
+++ b/lib/freebl/gcm.c
@@ -453,7 +453,9 @@ gcmHash_Update(gcmHashContext *ghash, const unsigned char *buf,
      * we can hash it */
     if (ghash->bufLen) {
 	unsigned int needed = PR_MIN(len, blocksize - ghash->bufLen);
-	PORT_Memcpy(ghash->buffer+ghash->bufLen, buf, needed);
+	if (needed != 0) {
+	    PORT_Memcpy(ghash->buffer+ghash->bufLen, buf, needed);
+	}
 	buf += needed;
 	len -= needed;
 	ghash->bufLen += needed;
@@ -814,7 +816,7 @@ GCM_DecryptUpdate(GCMContext *gcm, unsigned char *outbuf,
 
     /* get the authentication block */
     if (inlen < tagBytes) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	PORT_SetError(SEC_ERROR_INPUT_LEN);
 	return SECFailure;
     }
 
-- 
cgit v1.2.1