Commit e5029e3ed2 for openssl.org

commit e5029e3ed259c34d5cbb3e309c7bd2d31be8f16b
Author: Bob Beck <beck@openssl.org>
Date:   Sat May 16 10:34:52 2026 -0600

    Make IPAddressFamily_cmp safe for 0 length objects with NULL data.

    Found while adjusting the fuzzer to test for the requirement to
    add NUL bytes on the end of ASN1 Strings. If we end up with a 0
    length object here we can end up in a crash with memcmp.

    This makes this cmp function test comparison like our others
    that are 0 length object safe.

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Norbert Pocs <norbertp@openssl.org>
    MergeDate: Tue May 26 08:51:35 2026
    (Merged from https://github.com/openssl/openssl/pull/31201)

diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c
index 1871a221a2..1e0d94babf 100644
--- a/crypto/x509/v3_addr.c
+++ b/crypto/x509/v3_addr.c
@@ -680,10 +680,15 @@ static int IPAddressFamily_cmp(const IPAddressFamily *const *a_,
 {
     const ASN1_OCTET_STRING *a = (*a_)->addressFamily;
     const ASN1_OCTET_STRING *b = (*b_)->addressFamily;
-    int len = ((a->length <= b->length) ? a->length : b->length);
-    int cmp = memcmp(a->data, b->data, len);
+    int cmp, len = (a->length <= b->length) ? a->length : b->length;

-    return cmp ? cmp : a->length - b->length;
+    if (len > 0) {
+        cmp = memcmp(a->data, b->data, len);
+        if (cmp != 0)
+            return cmp;
+    }
+
+    return a->length - b->length;
 }

 static int IPAddressFamily_check_len(const IPAddressFamily *f)