Check return value of openssl ASN1_string_[get0_]data() functions for NULL.

This prevents a crash in case of incorrect certificate handling in openssl.

Closes #3390. Thanks to Qingpeng Du.

Author: ralight

ChangeLog.txt

@@ -7,6 +7,9 @@ Broker:
   prevent possible crash. This could occur only in extremely unlikely
   situations. See https://github.com/eclipse-mosquitto/mosquitto/issues/3389
   Closes #3389.
+- Check return value of openssl ASN1_string_[get0_]data() functions for NULL.
+  This prevents a crash in case of incorrect certificate handling in openssl.
+  Closes #3390.
 
 
 2.0.22 - 2025-07-11

src/handle_connect.c

@@ -805,7 +805,7 @@ int handle__connect(struct mosquitto *context)
 #else
 					new_username = (const char *) ASN1_STRING_get0_data(name_asn1);
 #endif
-					if(mosquitto_validate_utf8(new_username, (int)strlen(new_username))){
+					if(!new_username || mosquitto_validate_utf8(new_username, (int)strlen(new_username))){
 						if(context->protocol == mosq_p_mqtt5){
 							send__connack(context, 0, MQTT_RC_BAD_USERNAME_OR_PASSWORD, NULL);
 						}else{

src/security_default.c

@@ -1200,10 +1200,17 @@ int mosquitto_security_apply_default(void)
 							continue;
 						}
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
-						context->username = mosquitto__strdup((char *) ASN1_STRING_data(name_asn1));
+						const char *username = (const char *)ASN1_STRING_data(name_asn1);
 #else
-						context->username = mosquitto__strdup((char *) ASN1_STRING_get0_data(name_asn1));
+						const char *username = (const char *)ASN1_STRING_get0_data(name_asn1);
 #endif
+						if(!username){
+							X509_free(client_cert);
+							client_cert = NULL;
+							security__disconnect_auth(context);
+							continue;
+						}
+						context->username = mosquitto__strdup(username);
 						if(!context->username){
 							X509_free(client_cert);
 							client_cert = NULL;