Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/crypto.c | 10 | ||||
-rw-r--r-- | src/common/tortls.c | 4 |
2 files changed, 14 insertions, 0 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 63b274ea6e..f4ed8311b7 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2974,6 +2974,7 @@ secret_to_key(char *key_out, size_t key_out_len, const char *secret,
 /**
  * Destroy the <b>sz</b> bytes of data stored at <b>mem</b>, setting them to
  * the value <b>byte</b>.
+ * If <b>mem</b> is NULL or <b>sz</b> is zero, nothing happens.
  *
  * This function is preferable to memset, since many compilers will happily
  * optimize out memset() when they can convince themselves that the data being
@@ -2991,6 +2992,15 @@ secret_to_key(char *key_out, size_t key_out_len, const char *secret,
 void
 memwipe(void *mem, uint8_t byte, size_t sz)
 {
+  if (sz == 0) {
+    return;
+  }
+  /* If sz is nonzero, then mem must not be NULL. */
+  tor_assert(mem != NULL);
+
+  /* Data this large is likely to be an underflow. */
+  tor_assert(sz < SIZE_T_CEILING);
+
   /* Because whole-program-optimization exists, we may not be able to just
    * have this function call "memset". A smart compiler could inline it, then
    * eliminate dead memsets, and declare itself to be clever. */
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 4222f6dbff..840b677cb7 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -2676,6 +2676,10 @@ dn_indicates_v3_cert(X509_NAME *name)
   len = ASN1_STRING_to_UTF8(&s, str);
   if (len < 0)
     return 0;
+  if (len < 4) {
+    OPENSSL_free(s);
+    return 1;
+  }
   r = fast_memneq(s + len - 4, ".net", 4);
   OPENSSL_free(s);
   return r; |
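Review bot: The sentence added to the memwipe() doc comment, `If <b>mem</b> is NULL or <b>sz</b> is zero, nothing happens.`, promises a silent no-op for a NULL mem, but the body added in the second hunk of this file only returns early when sz is zero and otherwise aborts via `tor_assert(mem != NULL)`. A caller who reads the header comment and passes NULL with a nonzero length hits the assertion rather than a no-op. Suggest rewording the added line to ` * If <b>sz</b> is zero, nothing happens and <b>mem</b> may be NULL; otherwise <b>mem</b> must not be NULL.` so the comment and the asserts state the same contract. The rest of memwipe's body after the whole-program-optimization comment lies outside the hunk, as does the definition of SIZE_T_CEILING used by the second assertion, so the bound it enforces is inferred from its name only.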
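Review bot: The new `if (len < 4)` branch in dn_indicates_v3_cert returns 1 without saying why, and that is the one non-obvious value in the hunk: a name shorter than four bytes cannot end in ".net", so the suffix test below could never match, and the old code's `s + len - 4` would have addressed memory before the start of s. A one-line comment inside the branch, `/* Too short to end in ".net", so it cannot be a legacy name; treat as v3. */`, would record that and keep the 1 from reading like a stray status code. The `OPENSSL_free(s)` in the new branch mirrors the existing cleanup on the success path, so no leak is introduced. dn_indicates_v3_cert begins before the hunk, so the type of len is inferred from the visible ASN1_STRING_to_UTF8 call rather than from its declaration.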