From: Pauli <pauli@openssl.org>
Date: Sun, 18 Apr 2021 22:59:37 +0000 (+1000)
Subject: test: fix double free problems.
X-Git-Tag: openssl-3.0.0-alpha15~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6bcbc3698557739da03495920a57be4ffe219fa4;p=thirdparty%2Fopenssl.git

test: fix double free problems.

In function test_EVP_PKEY_ffc_priv_pub, params is freed via OSSL_PARAM_free() at line 577.
If the condition at line 581 is true, the execution will goto err, and params will be freed again at line 630.

The same problem also happens at line 593 and line 609, which causes two double free bugs.

Bugs reported by @Yunlongs

Fixes 14916

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14921)
---

diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 6140e16e261..a290878a7dc 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -575,6 +575,7 @@ static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
     if (!test_fromdata(keytype, params))
         goto err;
     OSSL_PARAM_free(params);
+    params = NULL;
     OSSL_PARAM_BLD_free(bld);
 
     /* Test priv and !pub */
@@ -591,6 +592,7 @@ static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
     if (!test_fromdata(keytype, params))
         goto err;
     OSSL_PARAM_free(params);
+    params = NULL;
     OSSL_PARAM_BLD_free(bld);
 
     /* Test !priv and pub */
@@ -607,6 +609,7 @@ static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
     if (!test_fromdata(keytype, params))
         goto err;
     OSSL_PARAM_free(params);
+    params = NULL;
     OSSL_PARAM_BLD_free(bld);
 
     /* Test priv and pub */