Fix missing null check

Don't add 1 if strchr returns NULL

PR update

Fixes #19279

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19282)

diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c
index b8e4558e0de2458bd474fc0b40bb088af727e579..04acf49dee47468fe33011550c3ddfe609b6d56b 100644 (file)
--- a/crypto/cmp/cmp_util.c
+++ b/crypto/cmp/cmp_util.c
@@ -100,8 +100,8 @@ const char *ossl_cmp_log_parse_metadata(const char *buf,
                     *file = OPENSSL_strndup(p_file, p_line - 1 - p_file);
                     /* no real problem if OPENSSL_strndup() returns NULL */
                     *line = (int)line_number;
-                    msg = strchr(p_level, ':') + 1;
-                    if (*msg == ' ')
+                    msg = strchr(p_level, ':');
+                    if (msg != NULL && *++msg == ' ')
                         msg++;
                 }
             }