From: slontis <shane.lontis@oracle.com>
Date: Mon, 14 Jul 2025 01:01:41 +0000 (+1000)
Subject: LMS Coverity fix 1659009
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43f4da917ac15fb9685e969634534f3cd1eb9901;p=thirdparty%2Fopenssl.git

LMS Coverity fix 1659009

Fix deref after free.

If ctx->key is already set and the passed in key is NULL then ctx->key
should not be set to NULL.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28030)
---

diff --git a/providers/implementations/signature/lms_signature.c b/providers/implementations/signature/lms_signature.c
index 41a1fdc372d..7cc2ffa3cca 100644
--- a/providers/implementations/signature/lms_signature.c
+++ b/providers/implementations/signature/lms_signature.c
@@ -97,7 +97,8 @@ static int lms_verify_msg_init(void *vctx, void *vkey, const OSSL_PARAM params[]
         ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
         return 0;
     }
-    ctx->key = key;
+    if (key != NULL)
+        ctx->key = key;
     return setdigest(ctx, NULL);
 }