From: Tomas Mraz Date: Thu, 22 Jan 2026 10:23:26 +0000 (+0100) Subject: check_cert_crl(): Avoid potential UAF when using the value of current_crl X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=75b06fd1e6e5ad6ef3e306ccdf67b1b42359aa28;p=thirdparty%2Fopenssl.git check_cert_crl(): Avoid potential UAF when using the value of current_crl Reviewed-by: Viktor Dukhovni Reviewed-by: David von Oheimb MergeDate: Tue Feb 3 08:50:53 2026 (Merged from https://github.com/openssl/openssl/pull/29679) --- diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 4b4a319d2e8..827a7663aac 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1392,6 +1392,7 @@ static int check_cert_crl(X509_STORE_CTX *ctx) goto done; } + ctx->current_crl = NULL; X509_CRL_free(crl); X509_CRL_free(dcrl); crl = NULL;
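Review bot: The added `ctx->current_crl = NULL;` in check_cert_crl() sits after the `goto done;` branch visible just above it, so that early exit does not get the reset. Please confirm that the code at `done` cannot free `crl` or `dcrl` while `ctx->current_crl` still refers to one of them, or apply the same reset on that path. The new statement would also benefit from a short comment saying that `ctx->current_crl` may still point at the CRL about to be released by `X509_CRL_free(crl)`, so that the ordering (clear first, then free) is not undone by a later cleanup. As shown, the diff touches only crypto/x509/x509_vfy.c; a regression test that exercises the stale-pointer read would help keep this fixed.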