PKCS12_item_decrypt_d2i_ex(): Check oct argument for NULL

Fixes CVE-2025-69421

Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 26 19:56:08 2026

diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
index 0745bc9b088cdc28760987d8d40f667e1cb78355..ec1d2ee54aed93c51b949d1817a464b3728afa1a 100644 (file)
--- a/crypto/pkcs12/p12_decr.c
+++ b/crypto/pkcs12/p12_decr.c
@@ -146,6 +146,11 @@ void *PKCS12_item_decrypt_d2i_ex(const X509_ALGOR *algor, const ASN1_ITEM *it,
     void *ret;
     int outlen = 0;
 
+    if (oct == NULL) {
+        ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+
     if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, oct->data, oct->length,
             &out, &outlen, 0, libctx, propq))
         return NULL;