Commit 89e9bd3fa6 for openssl.org

commit 89e9bd3fa66a62547c38f97e73eec402e36665ac
Author: Alexandr Nedvedicky <sashan@openssl.org>
Date:   Wed Feb 25 08:43:29 2026 +0100

    Fix potential use after free in buffer_from_bytes()

    Fix coverity issue 1681707

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Neil Horman <nhorman@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    MergeDate: Thu Feb 26 15:05:37 2026
    (Merged from https://github.com/openssl/openssl/pull/30169)

diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 54cef44f59..89d4452a52 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -36,10 +36,12 @@ static X509_BUFFER *buffer_from_bytes(const uint8_t *bytes, size_t length)
     X509_BUFFER *buf;

     if ((buf = OPENSSL_zalloc(sizeof *buf)) != NULL
-        && (buf->data = OPENSSL_memdup(bytes, length)) != NULL)
+        && (buf->data = OPENSSL_memdup(bytes, length)) != NULL) {
         buf->len = length;
-    else
+    } else {
         OPENSSL_free(buf);
+        buf = NULL;
+    }
     return buf;
 }
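Review bot: The `else` branch returns NULL for every failure of the combined condition, and that probably includes an empty input as well as an allocation failure. As far as I know, OPENSSL_memdup() returns NULL when `bytes` is NULL, and a zero-byte allocation also yields NULL, so `length == 0` would look like out-of-memory to the caller. The callers are outside this hunk, so whether an empty value can reach buffer_from_bytes() needs confirming. If it can, handle it explicitly before the allocation; if it cannot, state the contract above the function, e.g. `/* Returns a newly allocated copy, or NULL on allocation failure; length must be non-zero. */`. The start of the function body is outside the hunk.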