https://bugzilla.suse.com/show_bug.cgi?id=1204511 https://bugzilla.suse.com/show_bug.cgi?id=1204511#c3 --- Comment #3 from Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> --- We could just add a check to validate input, something like: --- gnutls-3.6.7.orig/lib/priority.c +++ gnutls-3.6.7/lib/priority.c @@ -1108,7 +1110,8 @@ size_t n, n2 = 0, line_size; * all applications */ _gnutls_update_system_priorities(); - fp = fmemopen(system_priority_buf, system_priority_buf_size, "r"); + if (system_priority_buf) + fp = fmemopen(system_priority_buf, system_priority_buf_size, "r"); #else fp = fopen(system_priority_file, "r"); #endif In any case, since we don't ship crypto-policies in SLE-15-SP2/3 or Leap15.2/3 this priority codepaths won't be reached. @Marcus, do you think its worth fixing it in SLE-15-SP2? -- You are receiving this mail because: You are on the CC list for the bug.