Fix NULL pointer dereference in OSSL_STORE_delete()

Add a NULL check for the uri parameter before passing it to
OPENSSL_strlcpy(), matching the guard already present in
OSSL_STORE_open_ex().

Fixes: 0a8807b4a838 "Store: API for deletion"
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Thu Apr  2 07:14:08 2026
(Merged from https://github.com/openssl/openssl/pull/30512)

diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index 44058532c6269b0dd8fc03782614412d7e381548..1086cbcd5b234cd1ab8800d9ed83347915d58245 100644 (file)
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -498,6 +498,10 @@ int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
     int res = 0;
     struct ossl_passphrase_data_st pwdata = { 0 };
 
+    if (uri == NULL) {
+        ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
     OPENSSL_strlcpy(scheme, uri, sizeof(scheme));
     if ((p = strchr(scheme, ':')) != NULL)
         *p++ = '\0';