Overview

File 0003-PKCS12_item_decrypt_d2i_ex-Check-oct-argument-for-NU.patch of Package mingw64-openssl

From 54c4da09b329f75d4f8e3a59e31fd443ff43f73f Mon Sep 17 00:00:00 2001
From: Andrew Dinh <andrewd@openssl.org>
Date: Thu, 19 Feb 2026 12:49:30 +0100
Subject: [PATCH 03/11] PKCS12_item_decrypt_d2i_ex(): Check oct argument for
 NULL
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes CVE-2025-69421

Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 26 19:56:08 2026
(cherry picked from commit 2c13bf15286328641a805eb3b7c97e27d42881fb)
(cherry picked from commit 36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7)
---
 crypto/pkcs12/p12_decr.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
index b40ea10ccb..c635889473 100644
--- a/crypto/pkcs12/p12_decr.c
+++ b/crypto/pkcs12/p12_decr.c
@@ -133,6 +133,12 @@ void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
     void *ret;
     int outlen;
 
+    if (oct == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
+                  ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+
     if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
                           &out, &outlen, 0)) {
         PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
-- 
2.53.0
openSUSE Build Service is sponsored by
Places