From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 9 Jun 2021 14:27:05 +0000 (+0200)
Subject: ossl_provider_set_module_path: Prevent potential UAF
X-Git-Tag: openssl-3.0.0-beta1~103
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6cf811e8678b23d03621c94a562181eb73ccc2e0;p=thirdparty%2Fopenssl.git

ossl_provider_set_module_path: Prevent potential UAF

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15680)
---

diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index 30fa44d789a..c6a8fa3f269 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -483,6 +483,7 @@ void ossl_provider_free(OSSL_PROVIDER *prov)
 int ossl_provider_set_module_path(OSSL_PROVIDER *prov, const char *module_path)
 {
     OPENSSL_free(prov->path);
+    prov->path = NULL;
     if (module_path == NULL)
         return 1;
     if ((prov->path = OPENSSL_strdup(module_path)) != NULL)