quic_tls.c: Precede double free on EVP_MD variable

When external quic implementation is used, the variable is not used and
double free happens whe the yield_secret_cb fails.

Resolves: #27504

Signed-off-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27713)

diff --git a/ssl/quic/quic_tls.c b/ssl/quic/quic_tls.c
index d31c93dcf9b55bbbcea8f746820a36cba3fea0f0..0cf2adbf5f78cfa432cf8e56079926d1178b51c8 100644 (file)
--- a/ssl/quic/quic_tls.c
+++ b/ssl/quic/quic_tls.c
@@ -177,6 +177,8 @@ quic_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
         if (!ossl_assert("Should not happen" == NULL))
             goto err;
 #endif
+    } else {
+        kdfdigest = NULL;
     }
 
     if (!rl->qtls->args.yield_secret_cb(level, qdir, suite_id,