Commit 5097ec4dae for openssl.org

commit 5097ec4dae239112498abb722e255ea60ef7ac48
Author: Alexandr Nedvedicky <sashan@openssl.org>
Date:   Tue May 12 16:12:40 2026 +0200

    Fix NULL dereference in QUIC address validation

    QUIC server crashes when address validation (RFC 9000, Section 8.1)
    is disabled and client sends initial packet with invalid token.

    Issue reported and fix submitted by Sunwoo Lee (KENTECH),
    Hyuk Lim (KENTECH) and Seunghyun Yoon (KENTECH)

    Fixes CVE-2026-42764

    Reviewed-by: Norbert Pocs <norbertp@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    MergeDate: Mon Jun  8 14:50:48 2026

diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c
index e29e4bcf74..9115143f52 100644
--- a/ssl/quic/quic_port.c
+++ b/ssl/quic/quic_port.c
@@ -1799,8 +1799,10 @@ static void port_default_packet_handler(QUIC_URXE *e, void *arg,
          * forget qrx so channel can create a new one
          * with valid initial encryption level keys.
          */
-        qrx_src = qrx;
-        qrx = NULL;
+        if (qrx != NULL) {
+            qrx_src = qrx;
+            qrx = NULL;
+        }
     }

     port_bind_channel(port, &e->peer, &hdr.dst_conn_id,
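Review bot: With the new `if (qrx != NULL)` guard in port_default_packet_handler(), `qrx_src` is no longer assigned on the path where `qrx` is NULL, so its value there depends on how it was declared, which this hunk does not show. Please confirm it is initialised to NULL at declaration and that whatever consumes it after this block tolerates NULL. The comment above the guard still only says "forget qrx so channel can create a new one"; extend it to say when `qrx` can be NULL here (per the commit message, address validation disabled and an Initial packet carrying an invalid token), otherwise the check reads as purely defensive and is at risk of being removed in a later cleanup. The patch touches only ssl/quic/quic_port.c, so a regression test covering that configuration, with an invalid token in the Initial packet, would be worth adding alongside the fix.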