Commit c85884a4b2 for openssl.org

commit c85884a4b23ff13dcafedd1835c0e5a4aff0a6ab
Author: Weidong Wang <kenazcharisma@gmail.com>
Date:   Fri Mar 20 07:00:10 2026 -0500

    Fix NULL pointer dereference in OSSL_STORE_delete()

    Add a NULL check for the uri parameter before passing it to
    OPENSSL_strlcpy(), matching the guard already present in
    OSSL_STORE_open_ex().

    Fixes: 0a8807b4a838 "Store: API for deletion"

    Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    MergeDate: Thu Apr  2 07:14:08 2026
    (Merged from https://github.com/openssl/openssl/pull/30512)

diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index 44058532c6..1086cbcd5b 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -498,6 +498,10 @@ int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
     int res = 0;
     struct ossl_passphrase_data_st pwdata = { 0 };

+    if (uri == NULL) {
+        ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
     OPENSSL_strlcpy(scheme, uri, sizeof(scheme));
     if ((p = strchr(scheme, ':')) != NULL)
         *p++ = '\0';