From: Josh Auler <jta2866@rit.edu>
Date: Tue, 17 Feb 2026 15:52:46 +0000 (-0500)
Subject: Added NULL Pointer check to the print_keyspec function
X-Git-Tag: openssl-4.0.0-alpha1~273
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a825afc19a36921a67943324412c5381bdb993ad;p=thirdparty%2Fopenssl.git

Added NULL Pointer check to the print_keyspec function

The function print_keyspec in apps/cmp.c previously dereferenced the 'alg' pointer
without checking if it was NULL:

    if (paramtype == V_ASN1_UNDEF || alg->parameter == NULL) {

In certain situations, the 'alg' pointer could be NULL, which may result in a null
pointer dereference.

This commit adds an explicit null check for 'alg' before dereferencing 'alg->parameter'
to ensure safe handling:

    if (alg == NULL) {
        BIO_puts(mem, "Key algorithm: <absent>\n");
        break;
    }

This prevents potential crashes when print_keyspec is called with a NULL algorithm
pointer, improving the robustness of the CMP application.

Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Thu Feb 19 12:56:01 2026
(Merged from https://github.com/openssl/openssl/pull/30046)
---

diff --git a/apps/cmp.c b/apps/cmp.c
index 6240f9838de..602d9d15e56 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -3384,6 +3384,12 @@ static void print_keyspec(OSSL_CMP_ATAVS *keySpec)
             int paramtype;
             const void *param;
 
+            /* NULL check to prevent dereferencing a NULL pointer when print_keyspec is called */
+            if (alg == NULL) {
+                BIO_puts(mem, "Key algorithm: <absent>\n");
+                break;
+            }
+
             X509_ALGOR_get0(&oid, &paramtype, &param, alg);
             BIO_puts(mem, "Key algorithm: ");
             i2a_ASN1_OBJECT(mem, oid);