rsa_enc.c: Properly duplicate the oaep_label member
authorTomas Mraz <tomas@openssl.org>
Wed, 21 Jan 2026 18:11:30 +0000 (19:11 +0100)
committerNorbert Pocs <norbertp@openssl.org>
Fri, 23 Jan 2026 10:37:25 +0000 (11:37 +0100)
Otherwise a use-after-free (UAF) and a double free occur when the duplicate
is freed.
Reported by Tomas Dulka and Stanislav Fort (Aisle Research)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Fri Jan 23 10:37:36 2026
(Merged from https://github.com/openssl/openssl/pull/29707)

providers/implementations/asymciphers/rsa_enc.c

index c2768c5931772d8b2ca3874c429d9a0f8f482ce8..58c76716609c60cc7ee5354a14b392711c6c20af 100644 (file)
@@ -361,6 +361,12 @@ static void *rsa_dupctx(void *vprsactx)
         return NULL;
     }
 
+    if (dstctx->oaep_label != NULL
+        && (dstctx->oaep_label = OPENSSL_memdup(dstctx->oaep_label, dstctx->oaep_labellen)) == NULL) {
+        rsa_freectx(dstctx);
+        return NULL;
+    }
+
     return dstctx;
 }
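Review bot: A non-NULL `oaep_label` with `oaep_labellen == 0` would take the failure branch of the added check if `OPENSSL_memdup` returns NULL for a zero-byte request, so duplicating a context that holds an empty label would fail as though allocation had failed. Whether that state is reachable depends on the parameter-setting code, which is outside this hunk, so it needs confirming; if it is, handle it before the copy, for example `if (dstctx->oaep_labellen == 0) dstctx->oaep_label = NULL;`. The error path also appears safe only because the assignment inside the condition has already set `dstctx->oaep_label` to NULL before `rsa_freectx(dstctx)` runs. A short comment such as `/* on failure the field is already NULL, so rsa_freectx() cannot free the source's label */` would protect that from later refactoring. rsa_dupctx begins above the hunk, so the earlier error paths could not be checked here.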