From 397b9e40e954963cc8382ec059b88c4ecb9eec37 Mon Sep 17 00:00:00 2001
From: "Landon J. Fuller" <landonf@FreeBSD.org>
Date: Thu, 22 Mar 2018 22:13:46 +0000
Subject: [PATCH] Add missing NULL checks when calling malloc(M_NOWAIT) in
 bhnd_nv_strdup/bhnd_nv_strndup.

If malloc(9) failed during initial bhnd(4) attach, while allocating the root
NVRAM path string ("/"), the returned NULL pointer would be passed as the
destination to memcpy().

Reported by:	Ilja Van Sprundel <ivansprundel@ioactive.com>
---
 sys/dev/bhnd/nvram/bhnd_nvram_private.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/sys/dev/bhnd/nvram/bhnd_nvram_private.h b/sys/dev/bhnd/nvram/bhnd_nvram_private.h
index bbcf4f3e49c..5034a629b4c 100644
--- a/sys/dev/bhnd/nvram/bhnd_nvram_private.h
+++ b/sys/dev/bhnd/nvram/bhnd_nvram_private.h
@@ -91,6 +91,9 @@ bhnd_nv_strdup(const char *str)
 
 	len = strlen(str);
 	dest = malloc(len + 1, M_BHND_NVRAM, M_NOWAIT);
+	if (dest == NULL)
+		return (NULL);
+
 	memcpy(dest, str, len);
 	dest[len] = '\0';
 
@@ -105,6 +108,9 @@ bhnd_nv_strndup(const char *str, size_t len)
 
 	len = strnlen(str, len);
 	dest = malloc(len + 1, M_BHND_NVRAM, M_NOWAIT);
+	if (dest == NULL)
+		return (NULL);
+
 	memcpy(dest, str, len);
 	dest[len] = '\0';