From 81617536ce695a5b2c65926fbe0b3b14466d95b6 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Tue, 27 Jan 2026 14:03:01 +0000
Subject: Add NULL pointer check to PKCS12_item_decrypt_d2i()
Avoids a NULL pointer dereference triggerable by a malformed PCKS#12 file.
From Luigino Camastra via OpenSSL (CVE-2025-69421)
ok jsing
---
 src/lib/libcrypto/pkcs12/p12_decr.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
index 8466e92415..3090781eba 100644
--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ b/src/lib/libcrypto/pkcs12/p12_decr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_decr.c,v 1.27 2025/05/10 05:54:38 tb Exp $ */
+/* $OpenBSD: p12_decr.c,v 1.28 2026/01/27 14:03:01 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -130,6 +130,11 @@ PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
 void *ret;
 int outlen;
+ if (oct == NULL) {
+ PKCS12error(ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+
 if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length, &out, &outlen, 0)) {
 PKCS12error(PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
--
cgit v1.2.3-55-g6feb
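Review bot: The new `if (oct == NULL)` guard carries no comment explaining how a NULL `oct` can reach this function, and `ERR_R_PASSED_NULL_PARAMETER` on its own reads like caller misuse rather than hostile input. Per the commit message the NULL comes from a malformed PKCS#12 file, so a one-line comment above the check, e.g. `/* oct can be NULL when parsing a malformed PKCS#12 file (CVE-2025-69421). */`, would stop a later cleanup from dropping it as redundant. The guard covers only `oct` itself; whether `oct->data` and `algor` are validated inside `PKCS12_pbe_crypt()` is not visible here and is worth confirming, since both presumably come from the same parsed input. The function's signature and the rest of its body lie outside the hunk.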