From 3d0b56785aeefd2b5a08a0da99d6a09ae6a494b9 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 10 Mar 2021 10:34:18 +0000
Subject: [PATCH] Don't crash if the pkeyopt doesn't have a value

All pkeyopt's must have a ":" and a value for the option. Not supplying
one can cause a crash

Fixes #14494

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14496)
---
 apps/lib/apps.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 2a5ec6bb65b..2938e916203 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -1790,17 +1790,21 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
 
 int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
 {
-    int rv;
+    int rv = 0;
     char *stmp, *vtmp = NULL;
+
     stmp = OPENSSL_strdup(value);
-    if (!stmp)
+    if (stmp == NULL)
         return -1;
     vtmp = strchr(stmp, ':');
-    if (vtmp) {
-        *vtmp = 0;
-        vtmp++;
-    }
+    if (vtmp == NULL)
+        goto err;
+
+    *vtmp = 0;
+    vtmp++;
     rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
+
+ err:
     OPENSSL_free(stmp);
     return rv;
 }
-- 
2.47.3