From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 7 May 2025 14:09:55 +0000 (+0200)
Subject: vtls: avoid NULL deref on bad PEM input
X-Git-Tag: curl-8_14_0~144
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3a2689712afb0c8e2b489bf17d17cbd392c6aa7b;p=thirdparty%2Fcurl.git

vtls: avoid NULL deref on bad PEM input

Spotted by Coverity

Closes #17274
---

diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index fa2b0fe92b..3b335e2871 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -698,9 +698,12 @@ static CURLcode pubkey_pem_to_der(const char *pem,
     ++pem_count;
   }
 
-  result = curlx_base64_decode(curlx_dyn_ptr(&pbuf), der, der_len);
-
-  curlx_dyn_free(&pbuf);
+  if(curlx_dyn_len(&pbuf)) {
+    result = curlx_base64_decode(curlx_dyn_ptr(&pbuf), der, der_len);
+    curlx_dyn_free(&pbuf);
+  }
+  else
+    result = CURLE_BAD_CONTENT_ENCODING;
 
   return result;
 }