From f5ab18c5fae57be128ba2f5fb5011baf820b370c Mon Sep 17 00:00:00 2001
From: ndossche <nora.dossche@ugent.be>
Date: Mon, 13 Apr 2026 17:22:22 +0200
Subject: [PATCH] fix: check ASN1_STRING_to_UTF8() failure

This function returns a negative error code on error.
When it does so, the `value_str` pointer will remain uninitialized and
cause a crash later on when it is freed by OPENSSL_free().
Even if it wouldn't crash there, it still fails to signal the error and
an empty string may be propagated to the callers.
---
 src/ncrypto.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/ncrypto.cpp b/src/ncrypto.cpp
index ee0822a..dcca080 100644
--- a/src/ncrypto.cpp
+++ b/src/ncrypto.cpp
@@ -4847,6 +4847,9 @@ std::pair<std::string, std::string> X509Name::Iterator::operator*() const {
 
   unsigned char* value_str;
   int value_str_size = ASN1_STRING_to_UTF8(&value_str, value);
+  if (value_str_size < 0) [[unlikely]] {
+    return {{}, {}};
+  }
 
   std::string out(reinterpret_cast<const char*>(value_str), value_str_size);
   OPENSSL_free(value_str);  // free after copy