Commit 22be3f1b8e for openssl.org

commit 22be3f1b8e3d8d09de89794a6d59f00176b32b2d
Author: Alexandr Nedvedicky <sashan@openssl.org>
Date:   Wed Mar 11 08:30:01 2026 +0100

    fix NULL pointer dereference when pass1 is NULL

    Resolves: https://scan5.scan.coverity.com/#/project-view/62622/10222?selectedIssue=1684201
    Complements: #adc8e4abd96 Fix Memory leak in app_passwd

    Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    MergeDate: Thu Mar 12 11:32:05 2026
    (Merged from https://github.com/openssl/openssl/pull/30365)

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 53dbcf2c2d..e8d868f314 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -187,8 +187,10 @@ int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2)
     if (arg2 != NULL) {
         *pass2 = app_get_pass(arg2, same ? 2 : 0);
         if (*pass2 == NULL) {
-            clear_free(*pass1);
-            *pass1 = NULL;
+            if (pass1 != NULL) {
+                clear_free(*pass1);
+                *pass1 = NULL;
+            }
             return 0;
         }
     } else if (pass2 != NULL) {