From 36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7 Mon Sep 17 00:00:00 2001
From: Andrew Dinh <andrewd@openssl.org>
Date: Thu, 8 Jan 2026 01:24:30 +0900
Subject: [PATCH] PKCS12_item_decrypt_d2i_ex(): Check oct argument for NULL
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes CVE-2025-69421
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 26 19:56:08 2026
(cherry picked from commit 2c13bf15286328641a805eb3b7c97e27d42881fb)
Reference:https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7
Conflict:Context adaptation
crypto/pkcs12/p12_decr.c | 5 +++++
1 file changed, 5 insertions(+)
@@ -140,6 +140,11 @@ void *PKCS12_item_decrypt_d2i_ex(const X509_ALGOR *algor, const ASN1_ITEM *it,
void *ret;
int outlen = 0;
+ if (oct == NULL) {
+ ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+
if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, oct->data, oct->length,
&out, &outlen, 0, libctx, propq))
return NULL;
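Review bot: The new `oct == NULL` guard at the top of PKCS12_item_decrypt_d2i_ex() has no comment saying where a NULL `oct` can come from, and the diffstat lists only crypto/pkcs12/p12_decr.c, so no regression test accompanies the CVE-2025-69421 fix. I would add a comment above the check such as `/* oct may be absent in caller-supplied (possibly parsed) data; fail before oct->data is read */`. The "parsed" part is inferred from the CVE reference and should be confirmed against the callers. A test that passes `oct` as NULL and expects a NULL return with ERR_R_PASSED_NULL_PARAMETER on the error queue would keep the guard from regressing. The function body starts before and continues after this hunk.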
--
2.33.0