From: Eugene Syromiatnikov Date: Mon, 23 Feb 2026 04:52:44 +0000 (+0100) Subject: ssl/ech/ech_store.c: avoid NULL dereference in ech_decode_one_entry() X-Git-Tag: openssl-4.0.0-alpha1~105 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3a5fa572bec5fcd18cf7161fed05228801d6fbb4;p=thirdparty%2Fopenssl.git ssl/ech/ech_store.c: avoid NULL dereference in ech_decode_one_entry() Do not jump to the err label on rent NULL check failure (where it is dereferenced) and rather return immediately. Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681462 Fixes: 4af71a77387c "ECH CLI implementation" Signed-off-by: Eugene Syromiatnikov Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz MergeDate: Wed Feb 25 11:10:52 2026 (Merged from https://github.com/openssl/openssl/pull/30139)
---
diff --git a/ssl/ech/ech_store.c b/ssl/ech/ech_store.c
index c5963347f33..5c902172711 100644
--- a/ssl/ech/ech_store.c
+++ b/ssl/ech/ech_store.c
@@ -311,7 +311,11 @@ static int ech_decode_one_entry(OSSL_ECHSTORE_ENTRY **rent, PACKET *pkt,
 unsigned char test_pub[OSSL_ECH_CRYPTO_VAR_SIZE];
 OSSL_ECHSTORE_ENTRY *ee = NULL;
- if (rent == NULL || pkt == NULL) {
+ if (rent == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ if (pkt == NULL) {
 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
 goto err;
 }
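Review bot: The two NULL checks now leave the function differently (`return 0` for `rent`, `goto err` for `pkt`) and nothing in the code records why, so a later tidy-up could fold them back into one condition and reintroduce the NULL dereference this commit removes. A short comment above the first check would pin the reason, for example `/* the err path dereferences rent, so a NULL rent must return directly */`. The `err` label is outside this hunk; the commit message states that it dereferences `rent`, and since `ee` is still NULL at this point the `pkt` branch could presumably return directly as well, but that depends on what else the cleanup does. The body of `ech_decode_one_entry()` starts before and continues after the hunk.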