Fix missing null check in ossl_cmp_log_parse_metadata()

Don't add 1 if strchr returns NULL

Fixes #19279

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19282)

(cherry picked from commit b85d53c1670e47273827bba508daff310c3263ab)

diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c
index ed611d64dd069f91cbf4f0bf48810e5a167e735d..d7b6cab5945e487833f0e19282a2f95742695876 100644 (file)
--- a/crypto/cmp/cmp_util.c
+++ b/crypto/cmp/cmp_util.c
@@ -101,8 +101,8 @@ const char *ossl_cmp_log_parse_metadata(const char *buf,
                     *file = OPENSSL_strndup(p_file, p_line - 1 - p_file);
                     /* no real problem if OPENSSL_strndup() returns NULL */
                     *line = (int)line_number;
-                    msg = strchr(p_level, ':') + 1;
-                    if (*msg == ' ')
+                    msg = strchr(p_level, ':');
+                    if (msg != NULL && *++msg == ' ')
                         msg++;
                 }
             }