From: Nikola Pajkovsky <nikolap@openssl.org>
Date: Fri, 9 Jan 2026 15:30:10 +0000 (+0100)
Subject: apps: check OPENSSL_uni2utf8 return value
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7e535fe6b16f3551252b336f911cee190ff4a4a6;p=thirdparty%2Fopenssl.git

apps: check OPENSSL_uni2utf8 return value

Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29590)
---

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index a2b436fe436..4aa72866cf2 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -904,6 +904,12 @@ int pkcs12_main(int argc, char **argv)
             if (utmp == NULL)
                 goto end;
             badpass = OPENSSL_uni2utf8(utmp, utmplen);
+            if (badpass == NULL) {
+                BIO_printf(bio_err, "Verbatim password did not match, and fallback conversion to UTF-8 failed\n"
+                                    "The password entered or the input encoding may be wrong\n");
+                OPENSSL_free(utmp);
+                goto end;
+            }
             OPENSSL_free(utmp);
             if (!PKCS12_verify_mac(p12, badpass, -1)) {
                 BIO_printf(bio_err, "Mac verify error: invalid password?\n");