Commit 69755d2a10 for openssl.org
commit 69755d2a10c7446863937bf24cecd482f7a4617e
Author: Alexandr Nedvedicky <sashan@openssl.org>
Date: Fri Mar 27 09:33:07 2026 +0100
fix BIO_vsnprintf() with NULL string arg crash on Solaris 10
Issue was kindly reported and fixes suggested by @rainerjung
Fixes #30402
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Fri Apr 10 12:22:44 2026
(Merged from https://github.com/openssl/openssl/pull/30596)
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 1dee097d55..87f7241547 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -374,7 +374,10 @@ int ssl_print_groups(BIO *out, SSL *s, int noshared)
BIO_puts(out, ":");
nid = groups[i];
const char *name = SSL_group_to_name(s, nid);
- BIO_puts(out, ((name != NULL) ? name : "(null)"));
+ if (name == NULL)
+ BIO_printf(out, "%d", nid);
+ else
+ BIO_puts(out, name);
}
OPENSSL_free(groups);
if (noshared) {
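Review bot: When `SSL_group_to_name()` returns NULL, the fallback prints `nid` with a bare `%d`, so the output is an unlabelled decimal that is hard to map back to a TLS group. If I read the API documentation correctly, a group without a known NID is reported as `TLSEXT_nid_unknown` (0x1000000) OR'ed with the group id, so a hex form such as `BIO_printf(out, "0x%X", (unsigned int)nid);` would be easier to interpret. The same four-line fallback is repeated in the second ssl_print_groups hunk and in ssl_print_tmp_key, so a small static helper would keep the three in step. ssl_print_groups starts and ends outside this hunk.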
@@ -388,7 +391,10 @@ int ssl_print_groups(BIO *out, SSL *s, int noshared)
BIO_puts(out, ":");
nid = SSL_get_shared_group(s, i);
const char *name = SSL_group_to_name(s, nid);
- BIO_puts(out, ((name != NULL) ? name : "(null)"));
+ if (name == NULL)
+ BIO_printf(out, "%d", nid);
+ else
+ BIO_puts(out, name);
}
if (ngroups == 0)
BIO_puts(out, "NONE");
@@ -403,9 +409,15 @@ int ssl_print_tmp_key(BIO *out, SSL *s)
EVP_PKEY *key;
if (!SSL_get_peer_tmp_key(s, &key)) {
- if (SSL_version(s) == TLS1_3_VERSION)
- BIO_printf(out, "Negotiated TLS1.3 group: %s\n",
- SSL_group_to_name(s, SSL_get_negotiated_group(s)));
+ if (SSL_version(s) == TLS1_3_VERSION) {
+ int nid = SSL_get_negotiated_group(s);
+ const char *name = SSL_group_to_name(s, nid);
+
+ if (name == NULL)
+ BIO_printf(out, "Negotiated TLS1.3 group: %d\n", nid);
+ else
+ BIO_printf(out, "Negotiated TLS1.3 group: %s\n", name);
+ }
return 1;
}
diff --git a/apps/s_client.c b/apps/s_client.c
index 592e3da79f..9acdabf3f6 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -3975,8 +3975,8 @@ static void print_stuff(BIO *bio, SSL *s, int full)
estat = SSL_ech_get1_status(s, &inner, &outer);
print_ech_status(bio, s, estat);
if (estat == SSL_ECH_STATUS_SUCCESS) {
- BIO_printf(bio, "ECH: inner: %s\n", inner);
- BIO_printf(bio, "ECH: outer: %s\n", outer);
+ BIO_printf(bio, "ECH: inner: %s\n", inner == NULL ? "<NULL>" : inner);
+ BIO_printf(bio, "ECH: outer: %s\n", outer == NULL ? "<NULL>" : outer);
}
if (estat == SSL_ECH_STATUS_FAILED_ECH
|| estat == SSL_ECH_STATUS_FAILED_ECH_BAD_NAME)
diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
index 963d9dad79..22b6513e17 100644
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@@ -57,12 +57,18 @@ static const BIO_METHOD methods_filep = {
BIO *BIO_new_file(const char *filename, const char *mode)
{
BIO *ret;
- FILE *file = openssl_fopen(filename, mode);
+ FILE *file;
int fp_flags = BIO_CLOSE;
if (strchr(mode, 'b') == NULL)
fp_flags |= BIO_FP_TEXT;
+ if (filename == NULL) {
+ ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER, __func__);
+ return NULL;
+ }
+
+ file = openssl_fopen(filename, mode);
if (file == NULL) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling fopen(%s, %s)",
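Review bot: `strchr(mode, 'b')` still runs before any argument check, so a NULL `mode` is dereferenced even though the new guard rejects a NULL `filename`. Moving the guard above the `strchr` call and widening it to `if (filename == NULL || mode == NULL) {` would cover both arguments. Separately, here and in the file_ctrl hunk, `__func__` is passed as the format argument of `ERR_raise_data`. The error record most likely carries the function name already, so `ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER);` would be simpler, and I believe it matches how other errors in crypto/bio are raised. The `ERR_raise_data` call at the end of the hunk continues outside it.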
@@ -310,6 +316,11 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
if (!(num & BIO_FP_TEXT))
OPENSSL_strlcat(p, "b", sizeof(p));
#endif
+ if (ptr == NULL) {
+ ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER, __func__);
+ ret = 0;
+ break;
+ }
fp = openssl_fopen(ptr, p);
if (fp == NULL) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
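Review bot: The NULL check on `ptr` sits after the mode string `p` has been assembled, not at the top of the case. The case starts outside this hunk, so I cannot see whether earlier statements already change the BIO's state, for example by releasing the FILE it currently holds. If they do, a NULL `ptr` now fails cleanly but leaves the BIO altered. Hoisting the check to the first statement of the case would make the rejection free of side effects; a short comment such as `/* validate before touching the BIO's current file */` would document the ordering.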
diff --git a/test/testutil/format_output.c b/test/testutil/format_output.c
index 842a4543bf..5bb5302989 100644
--- a/test/testutil/format_output.c
+++ b/test/testutil/format_output.c
@@ -385,7 +385,8 @@ void test_fail_bignum_mono_message(const char *prefix, const char *file,
void test_output_bignum(const char *name, const BIGNUM *bn)
{
if (bn == NULL || BN_is_zero(bn)) {
- test_printf_stderr("bignum: '%s' = %s\n", name,
+ test_printf_stderr("bignum: '%s' = %s\n",
+ name == NULL ? "<NULL>" : name,
test_bignum_zero_null(bn));
} else if (BN_num_bytes(bn) <= BN_OUTPUT_SIZE) {
unsigned char buf[BN_OUTPUT_SIZE];
@@ -396,7 +397,8 @@ void test_output_bignum(const char *name, const BIGNUM *bn)
hex_convert_memory(buf, n, p, BN_OUTPUT_SIZE);
while (*p == '0' && *++p != '\0')
;
- test_printf_stderr("bignum: '%s' = %s0x%s\n", name,
+ test_printf_stderr("bignum: '%s' = %s0x%s\n",
+ name == NULL ? "<NULL>" : name,
BN_is_negative(bn) ? "-" : "", p);
} else {
test_fail_bignum_common("bignum", NULL, 0, NULL, NULL, NULL, name,
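Review bot: The third branch still passes `name` unguarded to `test_fail_bignum_common(...)`, while the two `test_printf_stderr` calls now substitute `"<NULL>"`. Whether that helper tolerates a NULL name is not visible here. If it formats the name with `%s`, the NULL-argument crash this commit addresses remains reachable for large bignums. Normalising once at the top of test_output_bignum, e.g. `if (name == NULL) name = "<NULL>";`, would cover all three branches and remove the duplicated ternaries. The call on the last line continues outside the hunk.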