From 3a2689712afb0c8e2b489bf17d17cbd392c6aa7b Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 7 May 2025 16:09:55 +0200
Subject: [PATCH] vtls: avoid NULL deref on bad PEM input

Spotted by Coverity

Closes #17274
---
 lib/vtls/vtls.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index fa2b0fe92b..3b335e2871 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -698,9 +698,12 @@ static CURLcode pubkey_pem_to_der(const char *pem,
     ++pem_count;
   }
 
-  result = curlx_base64_decode(curlx_dyn_ptr(&pbuf), der, der_len);
-
-  curlx_dyn_free(&pbuf);
+  if(curlx_dyn_len(&pbuf)) {
+    result = curlx_base64_decode(curlx_dyn_ptr(&pbuf), der, der_len);
+    curlx_dyn_free(&pbuf);
+  }
+  else
+    result = CURLE_BAD_CONTENT_ENCODING;
 
   return result;
 }
-- 
2.47.3