... avoid undefined behavior.
diff --git a/OpenSSL/SSL.py b/OpenSSL/SSL.py
index 9fdd3e1..fbb18f0 100644
--- a/OpenSSL/SSL.py
+++ b/OpenSSL/SSL.py
@@ -1433,7 +1433,20 @@
             received, otherwise the contents of the message.
         :rtype: :py:class:`bytes` or :py:class:`NoneType`
         """
-        size = function(self._ssl, _ffi.NULL, 0)
+        # The OpenSSL documentation says nothing about what might happen if the
+        # count argument given is zero.  Specifically, it doesn't say whether
+        # the output buffer may be NULL in that case or not.  Inspection of the
+        # implementation reveals that it calls memcpy() unconditionally.
+        # Section 7.1.4, paragraph 1 of the C standard suggests that
+        # memcpy(NULL, source, 0) is not guaranteed to produce defined (let
+        # alone desirable) behavior (though it probably does on just about
+        # every implementation...)
+        #
+        # Allocate a tiny buffer to pass in (instead of just passing NULL as
+        # one might expect) for the initial call so as to be safe against this
+        # potentially undefined behavior.
+        empty = _ffi.new("char[]", 0)
+        size = function(self._ssl, empty, 0)
         if size == 0:
             # No Finished message so far.
             return None
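Review bot: `_ffi.new("char[]", 0)` on the added line creates a zero-length array, so the "tiny buffer" the comment describes has no storage behind it. The pointer is presumably non-NULL, but whether it counts as a valid object pointer for `memcpy(dst, src, 0)` depends on how cffi allocates empty arrays, which nothing in this hunk establishes. A one-byte allocation removes that doubt while the count stays zero: `empty = _ffi.new("char[]", 1)` followed by the unchanged `size = function(self._ssl, empty, 0)`. The method starts and continues outside the hunk, so the later call that actually fetches the message cannot be checked from here.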