From: Pauli <paul.dale@oracle.com>
Date: Wed, 26 Aug 2020 04:36:50 +0000 (+1000)
Subject: EVP: NULL pctx pointer after free.
X-Git-Tag: openssl-3.0.0-alpha7~474
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=625679b6d79296e020bb0cad31d6ac24ad547a39;p=thirdparty%2Fopenssl.git

EVP: NULL pctx pointer after free.

Not doing so can result in a double free.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12718)
---

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index f9ba59ca635..c9b4e3fd6e3 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -34,8 +34,10 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
      * pctx should be freed by the user of EVP_MD_CTX
      * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set
      */
-    if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
+    if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) {
         EVP_PKEY_CTX_free(ctx->pctx);
+        ctx->pctx = NULL;
+    }
 #endif
 
     EVP_MD_free(ctx->fetched_digest);