fix NULL pointer dereference when pass1 is NULL

Resolves: https://scan5.scan.coverity.com/#/project-view/62622/10222?selectedIssue=1684201
Complements: #adc8e4abd96 Fix Memory leak in app_passwd

Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Thu Mar 12 11:34:53 2026
(Merged from https://github.com/openssl/openssl/pull/30365)

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 53dbcf2c2de52c2a65ecd6b5052d94af126b39ab..e8d868f3147d7c11b689e4a5509422556216daac 100644 (file)
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -187,8 +187,10 @@ int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2)
     if (arg2 != NULL) {
         *pass2 = app_get_pass(arg2, same ? 2 : 0);
         if (*pass2 == NULL) {
-            clear_free(*pass1);
-            *pass1 = NULL;
+            if (pass1 != NULL) {
+                clear_free(*pass1);
+                *pass1 = NULL;
+            }
             return 0;
         }
     } else if (pass2 != NULL) {