Commit cd20f1af1c for openssl.org

commit cd20f1af1cfe3ca0b733201654667582788eb014
Author: easonysliu <easonysliu@tencent.com>
Date:   Wed Mar 18 16:22:24 2026 +0800

    conf: guard NULL group in NCONF_get_string() error path

    NCONF_get_string() passes the group parameter directly to
    ERR_raise_data() with a %s format specifier.  The CONF API
    explicitly allows group to be NULL (meaning "default section"),
    and multiple internal callers use this, such as conf_diagnostics()
    and CONF_modules_load().

    When the lookup fails and the error path is reached, passing NULL
    to %s is undefined behavior per the C standard.  On Linux/glibc
    it happens to print "(null)", but on platforms like Solaris 10 it
    crashes in strlen() inside vsnprintf().

    This was exposed after commit #28305 replaced the custom _dopr()
    (which had an explicit NULL-to-"<NULL>" guard in fmtstr()) with
    the platform's native vsnprintf().

    Guard the NULL by using an empty string in the format argument.

    Fixes #30402

    CLA: trivial

    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    MergeDate: Tue Mar 24 17:39:02 2026
    (Merged from https://github.com/openssl/openssl/pull/30484)

diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
index 6efd95283e..c148a43490 100644
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -314,7 +314,7 @@ char *NCONF_get_string(const CONF *conf, const char *group, const char *name)
         return NULL;
     }
     ERR_raise_data(ERR_LIB_CONF, CONF_R_NO_VALUE,
-        "group=%s name=%s", group, name);
+        "group=%s name=%s", group != NULL ? group : "", name);
     return NULL;
 }
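Review bot: On the changed `ERR_raise_data()` line only `group` is guarded; `name` still goes to `%s` unchecked in the same call. Unless an earlier check in `NCONF_get_string()` already rejects a NULL `name`, the undefined behaviour described in the commit message remains for that argument, so either confirm the check exists or guard it the same way, e.g. `name != NULL ? name : ""`. Separately, substituting `""` makes a NULL group print as `group=`, which cannot be told apart from a section actually named with an empty string. The commit message notes the old formatter printed `<NULL>`; a visible marker like that would keep the error data unambiguous for anyone reading the error queue. The diff touches only `conf_lib.c`; a test that calls `NCONF_get_string()` with a NULL group and a missing name would keep this from regressing on platforms where `%s` with NULL crashes.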