From: Norbert Pocs <norbertp@openssl.org>
Date: Wed, 28 May 2025 14:28:54 +0000 (+0200)
Subject: quic_tls.c: Precede double free on EVP_MD variable
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=258d3a695e32828df7dbda6ee9ae67d31e128f62;p=thirdparty%2Fopenssl.git

quic_tls.c: Precede double free on EVP_MD variable

When external quic implementation is used, the variable is not used and
double free happens whe the yield_secret_cb fails.

Resolves: #27504

Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27713)
---

diff --git a/ssl/quic/quic_tls.c b/ssl/quic/quic_tls.c
index d31c93dcf9b..0cf2adbf5f7 100644
--- a/ssl/quic/quic_tls.c
+++ b/ssl/quic/quic_tls.c
@@ -177,6 +177,8 @@ quic_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
         if (!ossl_assert("Should not happen" == NULL))
             goto err;
 #endif
+    } else {
+        kdfdigest = NULL;
     }
 
     if (!rl->qtls->args.yield_secret_cb(level, qdir, suite_id,