From: Weidong Wang <kenazcharisma@gmail.com>
Date: Fri, 20 Mar 2026 12:00:10 +0000 (-0500)
Subject: Fix NULL pointer dereference in OSSL_STORE_delete()
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=c85884a4b23ff13dcafedd1835c0e5a4aff0a6ab;p=thirdparty%2Fopenssl.git

Fix NULL pointer dereference in OSSL_STORE_delete()

Add a NULL check for the uri parameter before passing it to
OPENSSL_strlcpy(), matching the guard already present in
OSSL_STORE_open_ex().

Fixes: 0a8807b4a838 "Store: API for deletion"

Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Thu Apr  2 07:14:08 2026
(Merged from https://github.com/openssl/openssl/pull/30512)
---

diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index 44058532c62..1086cbcd5b2 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -498,6 +498,10 @@ int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
     int res = 0;
     struct ossl_passphrase_data_st pwdata = { 0 };
 
+    if (uri == NULL) {
+        ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
     OPENSSL_strlcpy(scheme, uri, sizeof(scheme));
     if ((p = strchr(scheme, ':')) != NULL)
         *p++ = '\0';