Fix: null pointer dereference vulnerability

Adadov · Adadov · commit 17e5e0a87454 · 2024-06-19T15:59:33.000+02:00
Official github issue trusteddomainproject#256 CVE-2024-25768
diff --git a/libopendmarc/opendmarc_policy.c b/libopendmarc/opendmarc_policy.c
@@ -1475,7 +1475,7 @@ opendmarc_policy_fetch_ruf(DMARC_POLICY_T *pctx, u_char *list_buf, size_t size_o
 	{
 		return NULL;
 	}
-	if (list_buf != NULL || size_of_buf > 0)
+	if (list_buf != NULL && size_of_buf > 0)
 	{
 		(void) memset(list_buf, '\0', size_of_buf);
 		sp = list_buf;

Original file line number	Diff line number	Diff line change
`@@ -1475,7 +1475,7 @@ opendmarc_policy_fetch_ruf(DMARC_POLICY_T pctx, u_char list_buf, size_t size_o`
`1475`	`1475`	`{`
`1476`	`1476`	`return NULL;`
`1477`	`1477`	`}`
`1478`		`- if (list_buf != NULL \|\| size_of_buf > 0)`
	`1478`	`+ if (list_buf != NULL && size_of_buf > 0)`
`1479`	`1479`	`{`
`1480`	`1480`	`(void) memset(list_buf, '\0', size_of_buf);`
`1481`	`1481`	`sp = list_buf;`