Commit 75b06fd1e6 for openssl.org

commit 75b06fd1e6e5ad6ef3e306ccdf67b1b42359aa28
Author: Tomas Mraz <tomas@openssl.org>
Date:   Thu Jan 22 11:23:26 2026 +0100

    check_cert_crl(): Avoid potential UAF when using the value of current_crl

    Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
    Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
    MergeDate: Tue Feb  3 08:50:53 2026
    (Merged from https://github.com/openssl/openssl/pull/29679)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 4b4a319d2e..827a7663aa 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1392,6 +1392,7 @@ static int check_cert_crl(X509_STORE_CTX *ctx)
                 goto done;
         }

+        ctx->current_crl = NULL;
         X509_CRL_free(crl);
         X509_CRL_free(dcrl);
         crl = NULL;