From 1347ccb91336df514d14678099be382a2e256abe Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 12 Nov 2020 14:59:33 +0100
Subject: [PATCH] parse_hex: avoid zero length allocation

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 oath.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/oath.c b/oath.c
index 3224b9d3..de553f75 100644
--- a/oath.c
+++ b/oath.c
@@ -132,6 +132,9 @@ static char *parse_hex(const char *tok, int len)
 {
 	unsigned char *data, *p;
 
+	if (len <= 1)
+		return NULL;
+
 	data = malloc((len + 1) / 2);
 	if (!data)
 		return NULL;
-- 
2.49.0