From: Matt Caswell <matt@openssl.org>
Date: Wed, 24 Feb 2021 15:04:41 +0000 (+0000)
Subject: Avoid a null pointer deref on a malloc failure
X-Git-Tag: openssl-3.0.0-alpha13~31
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ec961f866ac048a2d3dfd6adcfa95042114bef52;p=thirdparty%2Fopenssl.git

Avoid a null pointer deref on a malloc failure

Make sure we were sucessful in creating an EVP_PKEY

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
---

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 63f3f4cbc7b..ef38c5e3333 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1824,10 +1824,15 @@ int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src)
             keytype = OBJ_nid2sn(type);
 
         /* Make sure we have a clean slate to copy into */
-        if (*dest == NULL)
+        if (*dest == NULL) {
             *dest = EVP_PKEY_new();
-        else
+            if (*dest == NULL) {
+                ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        } else {
             evp_pkey_free_it(*dest);
+        }
 
         if (EVP_PKEY_set_type(*dest, type)) {
             /* If the key is typed but empty, we're done */