From: afshinpir Date: Wed, 8 Mar 2023 03:42:00 +0000 (+1300) Subject: Segmentation fault in parent rng cleanup X-Git-Tag: openssl-3.2.0-alpha1~1175 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6d45fd47f4849c8dc55b8dd5fa1e1b8a158774a0;p=thirdparty%2Fopenssl.git Segmentation fault in parent rng cleanup CLA: trivial When `cleanup_entropy()` is called to cleanup parent by calling provided `OSSL_FUNC_rand_clear_seed_fn` method, incorrect random context is passed to the method. So accessing that context creates a segmentation fault. Parent context should be passed rather than DRBG's own context. Reviewed-by: Tomas Mraz Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/20454) --- diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c index 11ba4552331..de9b2a5a44c 100644 --- a/providers/implementations/rands/drbg.c +++ b/providers/implementations/rands/drbg.c @@ -255,7 +255,7 @@ static void cleanup_entropy(PROV_DRBG *drbg, unsigned char *out, size_t outlen) } else if (drbg->parent_clear_seed != NULL) { if (!ossl_drbg_lock_parent(drbg)) return; - drbg->parent_clear_seed(drbg, out, outlen); + drbg->parent_clear_seed(drbg->parent, out, outlen); ossl_drbg_unlock_parent(drbg); } }
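Review bot: In the `else if (drbg->parent_clear_seed != NULL)` branch of `cleanup_entropy()`, the early `return` taken when `ossl_drbg_lock_parent(drbg)` fails leaves `out` untouched on the visible lines, so on that path the seed buffer is neither cleared nor passed to the parent's clear-seed method. Consider cleansing `out` over `outlen` bytes before returning, or add a comment explaining why skipping it is acceptable. The corrected call `drbg->parent_clear_seed(drbg->parent, out, outlen);` now relies on `drbg->parent` being a valid context, while the branch only tests the function pointer, so it is worth stating or asserting the invariant that `parent_clear_seed` is set only when `drbg->parent` is non-NULL. The diff touches only `providers/implementations/rands/drbg.c`. A regression test that seeds a child DRBG from a parent exposing `OSSL_FUNC_rand_clear_seed_fn` and then runs this cleanup path would keep the wrong-context call from returning.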