From: Tomas Mraz Date: Mon, 20 Jan 2025 07:53:21 +0000 (+0100) Subject: kdf_scrypt_reset(): NULLify freed pointers X-Git-Tag: openssl-3.1.8~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f40345597f5344f0398642b29d86ad91441a4bd;p=thirdparty%2Fopenssl.git kdf_scrypt_reset(): NULLify freed pointers Otherwise doublefree happens with further usage. Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/26488) (cherry picked from commit 901b108154fd8d28516b9b4bebde93ac5bc2a224) --- diff --git a/providers/implementations/kdfs/scrypt.c b/providers/implementations/kdfs/scrypt.c index e1161248bf0..29ce2099e14 100644 --- a/providers/implementations/kdfs/scrypt.c +++ b/providers/implementations/kdfs/scrypt.c @@ -94,7 +94,9 @@ static void kdf_scrypt_reset(void *vctx) KDF_SCRYPT *ctx = (KDF_SCRYPT *)vctx; OPENSSL_free(ctx->salt); + ctx->salt = NULL; OPENSSL_clear_free(ctx->pass, ctx->pass_len); + ctx->pass = NULL; kdf_scrypt_init(ctx); }
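Review bot: after `ctx->pass = NULL;` the hunk leaves `ctx->pass_len` as it was, so unless kdf_scrypt_init() resets it the context ends up with a NULL pointer paired with a stale non-zero length. The visible lines do not show what kdf_scrypt_init() touches. If it does not clear the length, add `ctx->pass_len = 0;` next to the new assignment, and do the same for any length field kept alongside `ctx->salt`. Since the commit message says the double free happens "with further usage", the fix should also come with a regression test that resets a context which already has a password and salt set, then derives again and frees it.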