diff --git a/0003-fix-potential-null-pointer-dereference.patch b/0003-fix-potential-null-pointer-dereference.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7d741ebb2bad6d1aa720225812347448fc1515e9
--- /dev/null
+++ b/0003-fix-potential-null-pointer-dereference.patch
@@ -0,0 +1,345 @@
+From ec0efe7068081cf4787a881640eef155956f58b7 Mon Sep 17 00:00:00 2001
+From: wangzhiqiang <wangzhiqiang95@huawei.com>
+Date: Fri, 10 Feb 2023 15:02:23 +0800
+Subject: [PATCH] fix potential null pointer dereference.
+
+Signed-off-by: wangzhiqiang <wangzhiqiang95@huawei.com>
+---
+ lib/luks2/luks2_digest_pbkdf2.c |  3 +++
+ lib/luks2/luks2_json_format.c   | 38 +++++++++++++++++++++++++++++----
+ lib/luks2/luks2_json_metadata.c |  8 +++++++
+ lib/luks2/luks2_keyslot.c       |  8 +++++++
+ lib/luks2/luks2_keyslot_luks2.c | 18 ++++++++++++++++
+ lib/luks2/luks2_luks1_convert.c | 23 ++++++++++++++++++++
+ src/cryptsetup.c                |  3 +++
+ src/integritysetup.c            |  3 +++
+ src/veritysetup.c               |  3 +++
+ tokens/ssh/cryptsetup-ssh.c     |  8 ++++++-
+ 10 files changed, 110 insertions(+), 5 deletions(-)
+
+diff --git a/lib/luks2/luks2_digest_pbkdf2.c b/lib/luks2/luks2_digest_pbkdf2.c
+index 1009cfb9..0eedb23d 100644
+--- a/lib/luks2/luks2_digest_pbkdf2.c
++++ b/lib/luks2/luks2_digest_pbkdf2.c
+@@ -147,6 +147,9 @@ static int PBKDF2_digest_store(struct crypt_device *cd,
+ 		json_object_object_get_ex(hdr->jobj, "digests", &jobj_digests);
+ 	}
+ 
++	if (!jobj_digest)
++		return -ENOMEM;
++
+ 	json_object_object_add(jobj_digest, "type", json_object_new_string("pbkdf2"));
+ 	json_object_object_add(jobj_digest, "keyslots", json_object_new_array());
+ 	json_object_object_add(jobj_digest, "segments", json_object_new_array());
+diff --git a/lib/luks2/luks2_json_format.c b/lib/luks2/luks2_json_format.c
+index 44563588..1aca50c0 100644
+--- a/lib/luks2/luks2_json_format.c
++++ b/lib/luks2/luks2_json_format.c
+@@ -299,29 +299,59 @@ int LUKS2_generate_hdr(
+ 		return -EINVAL;
+ 
+ 	hdr->jobj = json_object_new_object();
++	if (!hdr->jobj) {
++		r = -ENOMEM;
++		goto err;
++	}
+ 
+ 	jobj_keyslots = json_object_new_object();
++	if (!jobj_keyslots) {
++		r = -ENOMEM;
++		goto err;
++	}
++
+ 	json_object_object_add(hdr->jobj, "keyslots", jobj_keyslots);
+ 	json_object_object_add(hdr->jobj, "tokens", json_object_new_object());
+ 	jobj_segments = json_object_new_object();
++	if (!jobj_segments) {
++		r = -ENOMEM;
++		goto err;
++	}
++
+ 	json_object_object_add(hdr->jobj, "segments", jobj_segments);
+ 	json_object_object_add(hdr->jobj, "digests", json_object_new_object());
+ 	jobj_config = json_object_new_object();
++	if (!jobj_config) {
++		r = -ENOMEM;
++		goto err;
++	}
++
+ 	json_object_object_add(hdr->jobj, "config", jobj_config);
+ 
+ 	digest = LUKS2_digest_create(cd, "pbkdf2", hdr, vk);
+-	if (digest < 0)
++	if (digest < 0) {
++		r = -EINVAL;
+ 		goto err;
++	}
+ 
+-	if (LUKS2_digest_segment_assign(cd, hdr, 0, digest, 1, 0) < 0)
++	if (LUKS2_digest_segment_assign(cd, hdr, 0, digest, 1, 0) < 0) {
++		r = -EINVAL;
+ 		goto err;
++	}
+ 
+ 	jobj_segment = json_segment_create_crypt(data_offset, 0, NULL, cipher, sector_size, 0);
+-	if (!jobj_segment)
++	if (!jobj_segment) {
++		r = -EINVAL;
+ 		goto err;
++	}
+ 
+ 	if (integrity) {
+ 		jobj_integrity = json_object_new_object();
++		if (!jobj_integrity) {
++			r = -ENOMEM;
++			goto err;
++		}
++
+ 		json_object_object_add(jobj_integrity, "type", json_object_new_string(integrity));
+ 		json_object_object_add(jobj_integrity, "journal_encryption", json_object_new_string("none"));
+ 		json_object_object_add(jobj_integrity, "journal_integrity", json_object_new_string("none"));
+@@ -338,7 +368,7 @@ int LUKS2_generate_hdr(
+ err:
+ 	json_object_put(hdr->jobj);
+ 	hdr->jobj = NULL;
+-	return -EINVAL;
++	return r;
+ }
+ 
+ int LUKS2_wipe_header_areas(struct crypt_device *cd,
+diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
+index 4771f040..f3e325e9 100644
+--- a/lib/luks2/luks2_json_metadata.c
++++ b/lib/luks2/luks2_json_metadata.c
+@@ -88,6 +88,9 @@ struct json_object *LUKS2_array_remove(struct json_object *array, const char *nu
+ 
+ 	/* Create new array without jobj_removing. */
+ 	array_new = json_object_new_array();
++	if (!array_new)
++		return NULL;
++
+ 	for (i = 0; i < (int) json_object_array_length(array); i++) {
+ 		jobj1 = json_object_array_get_idx(array, i);
+ 		if (jobj1 != jobj_removing)
+@@ -478,6 +481,9 @@ static int hdr_validate_json_size(struct crypt_device *cd, json_object *hdr_jobj
+ 
+ 	json = json_object_to_json_string_ext(hdr_jobj,
+ 		JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE);
++	if (!json)
++		return 1;
++
+ 	json_area_size = crypt_jobj_get_uint64(jobj1);
+ 	json_size = (uint64_t)strlen(json);
+ 
+@@ -1575,6 +1581,8 @@ int LUKS2_config_set_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint3
+ 		return 0;
+ 
+ 	jobj_flags = json_object_new_array();
++	if (!jobj_flags)
++		return -ENOMEM;
+ 
+ 	for (i = 0; persistent_flags[i].description; i++) {
+ 		if (flags & persistent_flags[i].flag) {
+diff --git a/lib/luks2/luks2_keyslot.c b/lib/luks2/luks2_keyslot.c
+index 5cf4b83d..8e6d99a4 100644
+--- a/lib/luks2/luks2_keyslot.c
++++ b/lib/luks2/luks2_keyslot.c
+@@ -803,6 +803,9 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
+ 		return -EINVAL;
+ 
+ 	jobj_keyslot = json_object_new_object();
++	if (!jobj_keyslot)
++		return -ENOMEM;
++
+ 	json_object_object_add(jobj_keyslot, "type", json_object_new_string("placeholder"));
+ 	/*
+ 	 * key_size = -1 makes placeholder keyslot impossible to pass validation.
+@@ -813,6 +816,11 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
+ 
+ 	/* Area object */
+ 	jobj_area = json_object_new_object();
++	if (!jobj_area) {
++		json_object_put(jobj_keyslot);
++		return -ENOMEM;
++	}
++
+ 	json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
+ 	json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
+ 	json_object_object_add(jobj_keyslot, "area", jobj_area);
+diff --git a/lib/luks2/luks2_keyslot_luks2.c b/lib/luks2/luks2_keyslot_luks2.c
+index 491dcad8..83905e33 100644
+--- a/lib/luks2/luks2_keyslot_luks2.c
++++ b/lib/luks2/luks2_keyslot_luks2.c
+@@ -512,17 +512,32 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
+ 	}
+ 
+ 	jobj_keyslot = json_object_new_object();
++	if (!jobj_keyslot) {
++		r = -ENOMEM;
++		goto err;
++	}
++
+ 	json_object_object_add(jobj_keyslot, "type", json_object_new_string("luks2"));
+ 	json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(volume_key_len));
+ 
+ 	/* AF object */
+ 	jobj_af = json_object_new_object();
++	if (!jobj_af) {
++		r = -ENOMEM;
++		goto err;
++	}
++
+ 	json_object_object_add(jobj_af, "type", json_object_new_string("luks1"));
+ 	json_object_object_add(jobj_af, "stripes", json_object_new_int(params->af.luks1.stripes));
+ 	json_object_object_add(jobj_keyslot, "af", jobj_af);
+ 
+ 	/* Area object */
+ 	jobj_area = json_object_new_object();
++	if (!jobj_area) {
++		r = -ENOMEM;
++		goto err;
++	}
++
+ 	json_object_object_add(jobj_area, "type", json_object_new_string("raw"));
+ 	json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
+ 	json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
+@@ -541,6 +556,9 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
+ 		json_object_object_del_by_uint(jobj_keyslots, keyslot);
+ 
+ 	return r;
++err:
++	json_object_put(jobj_keyslot);
++	return r;
+ }
+ 
+ static int luks2_keyslot_open(struct crypt_device *cd,
+diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c
+index 6d3fa1e1..a51049c9 100644
+--- a/lib/luks2/luks2_luks1_convert.c
++++ b/lib/luks2/luks2_luks1_convert.c
+@@ -67,11 +67,21 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
+ 	int r;
+ 
+ 	keyslot_obj = json_object_new_object();
++	if (!keyslot_obj) {
++		r = -ENOMEM;
++		goto err;
++	}
++
+ 	json_object_object_add(keyslot_obj, "type", json_object_new_string("luks2"));
+ 	json_object_object_add(keyslot_obj, "key_size", json_object_new_int64(hdr_v1->keyBytes));
+ 
+ 	/* KDF */
+ 	jobj_kdf = json_object_new_object();
++	if (!jobj_kdf) {
++		r = -ENOMEM;
++		goto err;
++	}
++
+ 	json_object_object_add(jobj_kdf, "type", json_object_new_string(CRYPT_KDF_PBKDF2));
+ 	json_object_object_add(jobj_kdf, "hash", json_object_new_string(hdr_v1->hashSpec));
+ 	json_object_object_add(jobj_kdf, "iterations", json_object_new_int64(hdr_v1->keyblock[keyslot].passwordIterations));
+@@ -89,6 +99,11 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
+ 
+ 	/* AF */
+ 	jobj_af = json_object_new_object();
++	if (!jobj_af) {
++		r = -ENOMEM;
++		goto err;
++	}
++
+ 	json_object_object_add(jobj_af, "type", json_object_new_string("luks1"));
+ 	json_object_object_add(jobj_af, "hash", json_object_new_string(hdr_v1->hashSpec));
+ 	/* stripes field ignored, fixed to LUKS_STRIPES (4000) */
+@@ -97,6 +112,11 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
+ 
+ 	/* Area */
+ 	jobj_area = json_object_new_object();
++	if (!jobj_area) {
++		r = -ENOMEM;
++		goto err;
++	}
++
+ 	json_object_object_add(jobj_area, "type", json_object_new_string("raw"));
+ 
+ 	/* encryption algorithm field */
+@@ -124,6 +144,9 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
+ 
+ 	*keyslot_object = keyslot_obj;
+ 	return 0;
++err:
++	json_object_put(keyslot_obj);
++	return r;
+ }
+ 
+ static int json_luks1_keyslots(const struct luks_phdr *hdr_v1, struct json_object **keyslots_object)
+diff --git a/src/cryptsetup.c b/src/cryptsetup.c
+index e387c1c1..e14ab8bb 100644
+--- a/src/cryptsetup.c
++++ b/src/cryptsetup.c
+@@ -3439,6 +3439,9 @@ int main(int argc, const char **argv)
+ 	textdomain(PACKAGE);
+ 
+ 	popt_context = poptGetContext(PACKAGE, argc, argv, popt_options, 0);
++	if (!popt_context)
++		exit(EXIT_FAILURE);
++
+ 	poptSetOtherOptionHelp(popt_context,
+ 	                       _("[OPTION...] <action> <action-specific>"));
+ 
+diff --git a/src/integritysetup.c b/src/integritysetup.c
+index eee61715..6d5b7cf9 100644
+--- a/src/integritysetup.c
++++ b/src/integritysetup.c
+@@ -660,6 +660,9 @@ int main(int argc, const char **argv)
+ 	textdomain(PACKAGE);
+ 
+ 	popt_context = poptGetContext("integrity", argc, argv, popt_options, 0);
++	if (!popt_context)
++		exit(EXIT_FAILURE);
++
+ 	poptSetOtherOptionHelp(popt_context,
+ 	                       _("[OPTION...] <action> <action-specific>"));
+ 
+diff --git a/src/veritysetup.c b/src/veritysetup.c
+index 8be81cc8..cd966389 100644
+--- a/src/veritysetup.c
++++ b/src/veritysetup.c
+@@ -599,6 +599,9 @@ int main(int argc, const char **argv)
+ 	textdomain(PACKAGE);
+ 
+ 	popt_context = poptGetContext("verity", argc, argv, popt_options, 0);
++	if (!popt_context)
++		exit(EXIT_FAILURE);
++
+ 	poptSetOtherOptionHelp(popt_context,
+ 	                       _("[OPTION...] <action> <action-specific>"));
+ 
+diff --git a/tokens/ssh/cryptsetup-ssh.c b/tokens/ssh/cryptsetup-ssh.c
+index 7c0bf02f..efc38f73 100644
+--- a/tokens/ssh/cryptsetup-ssh.c
++++ b/tokens/ssh/cryptsetup-ssh.c
+@@ -80,13 +80,19 @@ static int token_add(
+ 
+ 	r = -EINVAL;
+ 	jobj = json_object_new_object();
+-	if (!jobj)
++	if (!jobj) {
++		r = -ENOMEM;
+ 		goto out;
++	}
+ 
+ 	/* type is mandatory field in all tokens and must match handler name member */
+ 	json_object_object_add(jobj, "type", json_object_new_string(TOKEN_NAME));
+ 
+ 	jobj_keyslots = json_object_new_array();
++	if (!jobj_keyslots) {
++		r = -ENOMEM;
++		goto out;
++	}
+ 
+ 	/* mandatory array field (may be empty and assigned later */
+ 	json_object_object_add(jobj, "keyslots", jobj_keyslots);
+-- 
+2.33.0
+
diff --git a/0004-Update-file-cryptsetup-ssh.c.patch b/0004-Update-file-cryptsetup-ssh.c.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d68a031df0c8573d115a02c1270806ec83a62d63
--- /dev/null
+++ b/0004-Update-file-cryptsetup-ssh.c.patch
@@ -0,0 +1,24 @@
+From 1f805cb35ae1d2ec9d19d8b9bad0bda98cbdc938 Mon Sep 17 00:00:00 2001
+From: wangzhiqiang <zhiqiangwang12_4@163.com>
+Date: Fri, 10 Feb 2023 16:48:19 +0000
+Subject: [PATCH] Update file cryptsetup-ssh.c
+
+---
+ tokens/ssh/cryptsetup-ssh.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/tokens/ssh/cryptsetup-ssh.c b/tokens/ssh/cryptsetup-ssh.c
+index efc38f73..e356898f 100644
+--- a/tokens/ssh/cryptsetup-ssh.c
++++ b/tokens/ssh/cryptsetup-ssh.c
+@@ -78,7 +78,6 @@ static int token_add(
+ 		goto out;
+ 	}
+ 
+-	r = -EINVAL;
+ 	jobj = json_object_new_object();
+ 	if (!jobj) {
+ 		r = -ENOMEM;
+-- 
+2.33.0
+
diff --git a/cryptsetup.spec b/cryptsetup.spec
index 230863cdb6cea66e81826baf66f8761443aeac3a..80fc32a36bfae56c62f24591f8588a83829d4836 100644
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@@ -1,6 +1,6 @@
 Name:     cryptsetup
 Version:  2.6.0
-Release:  1
+Release:  2
 Summary:  Utility used to conveniently set up disk encryption
 License:  GPLv2+ and CC0-1.0 and LGPLv2+
 URL:      https://gitlab.com/cryptsetup/cryptsetup
@@ -8,6 +8,8 @@ Source0:  https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-%{ve
 
 Patch1:  0001-cryptsetup-add-system-library-paths.patch
 Patch2:  0002-fix-compat-test.patch
+Patch3:  0003-fix-potential-null-pointer-dereference.patch
+Patch4:  0004-Update-file-cryptsetup-ssh.c.patch
 
 BuildRequires: openssl-devel, popt-devel, device-mapper-devel,  gcc, libssh-devel, asciidoctor
 BuildRequires: libuuid-devel, json-c-devel, libargon2-devel, libpwquality-devel, libblkid-devel
@@ -102,6 +104,9 @@ make check
 %{_mandir}/man8/*
 
 %changelog
+* Wed Mar 22 2023 wangzhiqiang <wangzhiqiang95@huawei.com> - 2.6.0-2
+- fix potential null pointer dereference
+
 * Thu Feb 2 2023 wangzhiqiang <wangzhiqiang95@huawei.com> - 2.6.0-1
 - upgrade version to 2.6.0