The function print_keyspec in apps/cmp.c previously dereferenced the 'alg' pointer
without checking if it was NULL:
    if (paramtype == V_ASN1_UNDEF || alg->parameter == NULL) {
In certain situations, the 'alg' pointer could be NULL, which may result in a null
pointer dereference.
This commit adds an explicit null check for 'alg' before dereferencing 'alg->parameter'
to ensure safe handling:
    if (alg == NULL) {
        BIO_puts(mem, "Key algorithm: <absent>\n");
        break;
    }
This prevents potential crashes when print_keyspec is called with a NULL algorithm
pointer, improving the robustness of the CMP application.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Thu Feb 19 12:56:01 2026
(Merged from https://github.com/openssl/openssl/pull/30046)
int paramtype;
const void *param;
+ /* NULL check to prevent dereferencing a NULL pointer when print_keyspec is called */
+ if (alg == NULL) {
+ BIO_puts(mem, "Key algorithm: <absent>\n");
+ break;
+ }
+
X509_ALGOR_get0(&oid, ¶mtype, ¶m, alg);
BIO_puts(mem, "Key algorithm: ");
i2a_ASN1_OBJECT(mem, oid);
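Review bot: The comment added above the `if (alg == NULL)` check restates the code and does not say when `alg` can actually be NULL; the commit message only says "in certain situations". Suggest naming the case that produces a NULL algorithm (or dropping the comment), and noting that the check also guards the `X509_ALGOR_get0()` call directly below it, which receives `alg` before the `alg->parameter` test the message cites. The `break` leaves an enclosing construct that is not visible in this hunk, so it is worth confirming that nothing after that exit point relies on `oid`, `paramtype` or `param` having been set.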