GitHub/openssl
1
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2026-05-07 20:12:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix NULL pointer dereference in OSSL_STORE_delete()

Browse Source 
Add a NULL check for the uri parameter before passing it to
OPENSSL_strlcpy(), matching the guard already present in
OSSL_STORE_open_ex().

Fixes: 0a8807b4a8 "Store: API for deletion"

Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Thu Apr  2 07:14:08 2026
(Merged from https://github.com/openssl/openssl/pull/30512)
This commit is contained in:
Weidong Wang
2026-03-20 07:00:10 -05:00
committed by Tomas Mraz
parent e181adbe4a
commit c85884a4b2
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
crypto/store/store_lib.c
+4
View File
@@ -498,6 +498,10 @@ int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
int res = 0;
struct ossl_passphrase_data_st pwdata = { 0 };
if (uri == NULL) {
ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
OPENSSL_strlcpy(scheme, uri, sizeof(scheme));
if ((p = strchr(scheme, ':')) != NULL)
*p++ = '\0';