Description: add support for zero length session tickets returned from the server check that ticket_len > 0 prior to calling gnutls_realloc_fast . gnutls28 (3.5.18-1ubuntu1.4) UNRELEASED; urgency=medium . * add support for zero length session tickets returned from the server Author: Rod Rivers <5981058-rrivers2@users.noreply.gitlab.com> --- The information above should follow the Patch Tagging Guidelines, please checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here are templates for supplementary fields that you might want to add: Origin: , Bug: Bug-Debian: https://bugs.debian.org/ Bug-Ubuntu: https://launchpad.net/bugs/ Forwarded: Reviewed-By: Last-Update: 2020-06-16 --- gnutls28-3.5.18.orig/lib/ext/session_ticket.c +++ gnutls28-3.5.18/lib/ext/session_ticket.c @@ -761,14 +761,16 @@ int _gnutls_recv_new_session_ticket(gnut DECR_LENGTH_COM(data_size, ticket_len, ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; goto error); - priv->session_ticket = - gnutls_realloc_fast(priv->session_ticket, ticket_len); - if (!priv->session_ticket) { - gnutls_assert(); - ret = GNUTLS_E_MEMORY_ERROR; - goto error; + if (ticket_len > 0) { + priv->session_ticket = + gnutls_realloc_fast(priv->session_ticket, ticket_len); + if (!priv->session_ticket) { + gnutls_assert(); + ret = GNUTLS_E_MEMORY_ERROR; + goto error; + } + memcpy(priv->session_ticket, p, ticket_len); } - memcpy(priv->session_ticket, p, ticket_len); priv->session_ticket_len = ticket_len; /* Discard the current session ID. (RFC5077 3.4) */
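Review bot: In the new `if (ticket_len > 0)` block, the zero-length path leaves `priv->session_ticket` pointing at whatever buffer an earlier ticket allocated, while `priv->session_ticket_len = ticket_len;` sets the length to 0, so pointer and length no longer agree. Consider an `else` branch that frees the old buffer and sets the pointer to NULL, or a comment stating that every reader of `session_ticket` checks `session_ticket_len` first. The zero-length case also falls through to the "Discard the current session ID" step in the trailing context. RFC 5077 section 3.3 uses an empty ticket to mean the server is not issuing one, so it is worth confirming and documenting that discarding the session ID is intended there. A regression test against a server that sends an empty NewSessionTicket would cover both paths.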