From 51b35d1b7ad1d8300f68c539353073359181f83c Mon Sep 17 00:00:00 2001
From: Viktor Szakats
Date: Sun, 14 Sep 2025 00:38:47 +0200
Subject: [PATCH] fix two NULL checks - userauth: fix NULL dereference when out-of-memory. Also fix indentation. Follow-up to 3a6ab70dcfeb87a3acbb5af7ea6fc783c3981e04 #1314 - openssl: drop redundant NULL check and logic. Follow-up to ed439a29bb0b4d1c3f681f87ccfcd3e5a66c3ba0 #698 Pointed out by CodeQL Closes #1656
---
 src/openssl.c | 6 +-----
 src/userauth.c | 5 +++--
 2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/src/openssl.c b/src/openssl.c
index 8c7f1e29..7696cdc3 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -3848,11 +3848,7 @@ gen_publickey_from_sk_ecdsa_openssh_priv_data(LIBSSH2_SESSION *session,
 LIBSSH2_FREE(session, *pubkeydata);
 *pubkeydata_len = key_len;
-
- if(pubkeydata)
- *pubkeydata = key;
- else if(key)
- LIBSSH2_FREE(session, key);
+ *pubkeydata = key;
 }
 if(ec_ctx)
diff --git a/src/userauth.c b/src/userauth.c
index 292615f5..dd5a98c7 100644
--- a/src/userauth.c
+++ b/src/userauth.c
@@ -1492,7 +1492,8 @@ _libssh2_key_sign_algorithm(LIBSSH2_SESSION *session,
 if(match) {
 if(*key_method_len == 28 &&
- memcmp(key_method, "ssh-rsa-cert-v01@openssh.com", *key_method_len)) {
+ memcmp(key_method,
+ "ssh-rsa-cert-v01@openssh.com", *key_method_len)) {
 if(*key_method)
 LIBSSH2_FREE(session, *key_method);
 *key_method = LIBSSH2_ALLOC(session, match_len + suffix_len);
@@ -1511,7 +1512,7 @@ _libssh2_key_sign_algorithm(LIBSSH2_SESSION *session,
 *key_method_len = match_len;
 }
 }
- if(!key_method) {
+ if(!*key_method) {
 *key_method_len = 0;
 rc = _libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Unable to allocate key method upgrade");
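Review bot: The re-wrapped condition in the first src/userauth.c hunk still passes `key_method` itself to `memcmp`, while every other use in these two hunks dereferences it (`*key_method` is freed, reallocated and, after this patch, NULL-checked). That suggests it is a pointer-to-pointer, in which case the call compares 28 bytes starting at the caller's pointer variable, never inspecting the method name and reading past the pointer object. The declaration is outside the hunk, so this needs confirming, but if it holds the call should read `memcmp(*key_method, "ssh-rsa-cert-v01@openssh.com", *key_method_len)`, evaluated only when `*key_method` is non-NULL. The bare `memcmp` result is also used as a truth value, which means "differs"; spelling out the intended `== 0` or `!= 0` would make the branch reviewable.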