rsa_enc.c: Properly duplicate the oaep_label member
authorTomas Mraz <tomas@openssl.org>
Wed, 21 Jan 2026 18:11:30 +0000 (19:11 +0100)
committerNorbert Pocs <norbertp@openssl.org>
Fri, 23 Jan 2026 10:40:21 +0000 (11:40 +0100)
Otherwise a use-after-free and a double free occur when the duplicate
is freed.
Reported by Tomas Dulka and Stanislav Fort (Aisle Research)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Fri Jan 23 10:40:31 2026
(Merged from https://github.com/openssl/openssl/pull/29707)

providers/implementations/asymciphers/rsa_enc.c

index 6a82f8821768247b37caa8381dc6c6950baee372..6cbd01cbc5ccbc71f4da6d978ba2f36e0c547911 100644 (file)
@@ -332,6 +332,12 @@ static void *rsa_dupctx(void *vprsactx)
         return NULL;
     }
 
+    if (dstctx->oaep_label != NULL
+        && (dstctx->oaep_label = OPENSSL_memdup(dstctx->oaep_label, dstctx->oaep_labellen)) == NULL) {
+        rsa_freectx(dstctx);
+        return NULL;
+    }
+
     return dstctx;
 }
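Review bot: The added guard also fails the duplication for a zero-length label, not only for an allocation failure: OPENSSL_memdup hands the size to OPENSSL_malloc, which (as far as I recall) returns NULL for a zero-byte request, so a context whose `oaep_label` is non-NULL with `oaep_labellen == 0` would make rsa_dupctx return NULL although the source context is usable. Whether that state is reachable through the OAEP label setter is not visible here; if it is, test `&& dstctx->oaep_labellen != 0` alongside the NULL check, or normalise the empty case to a NULL label before copying. The assignment inside the condition is load-bearing — it leaves `dstctx->oaep_label` NULL before `rsa_freectx(dstctx)` runs, so the source's buffer is not freed through the copy — and deserves a one-line comment such as `/* assign before freeing: the copy must not alias the source label when rsa_freectx() runs */`. rsa_dupctx's body begins outside the hunk, so whether members duplicated earlier are released consistently on this failure path cannot be confirmed from here.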