git.ipfire.org Git - thirdparty/openssl.git/commit
crypto/evp/m_sigver.c: fix potential double free on error path in do_sigver_init
author yangxuqing <43904538+RigelYoung@users.noreply.github.com>
Sat, 23 May 2026 02:33:35 +0000 (10:33 +0800)
committer Eugene Syromiatnikov <esyr@openssl.org>
Tue, 26 May 2026 15:27:02 +0000 (17:27 +0200)
commit ecb4757b377ffb468b39bee76ed6d38f6bf51416
tree 939586d7892ed57fa516fad89f58900423b3f3e6
parent d73ad5615c40ea80c70ffd5496c407d77325ab05
crypto/evp/m_sigver.c: fix potential double free on error path in do_sigver_init

In do_sigver_init(), if the for loop proceeds to its second iteration
(iter = 2), the results from the first iteration (signature and
tmp_keymgmt) are explicitly freed at the beginning of the loop.
However, the pointers are not set to NULL after being freed.

If an error occurs subsequently during this second iteration (for
example, if evp_signature_fetch_from_prov() returns NULL, triggering a
goto notsupported), the control flow jumps to the generic cleanup block
at the end of the function. This cleanup block calls
EVP_KEYMGMT_free(tmp_keymgmt) again on the dangling pointer, resulting
in a double free.

This commit resolves the issue by explicitly nullifying these pointers
immediately after they are freed at the start of the loop iteration.

(Note: This issue was discussed with the OpenSSL Security Team, who
classified it as a regular bug due to lack of attacker control and
requested a public PR.)

Fixes: 839ffdd11cd4 "EVP: Allow a fallback for operations that work with an EVP_PKEY"
CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Tue May 26 15:28:15 2026
(Merged from https://github.com/openssl/openssl/pull/31276)
crypto/evp/m_sigver.c
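
The control flow described in the commit message, reduced to a self-contained model (an added example, not OpenSSL code or part of this commit). `struct obj`, `obj_fetch`, `obj_free` and `sigver_init_model` are hypothetical stand-ins, and frees are counted instead of performed so the run stays well defined.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a provider object. Frees are counted rather than
 * performed, so the double free is observable without undefined behaviour. */
struct obj { int frees; };
static struct obj pool[2];
static int used;

static struct obj *obj_fetch(void) { return &pool[used++]; }
/* NULL is a no-op, which is what makes resetting the pointers sufficient. */
static void obj_free(struct obj *o) { if (o != NULL) o->frees++; }

/* Returns the highest free count of any object; 2 means a double free. */
int sigver_init_model(int null_after_free)
{
    struct obj *signature = NULL, *tmp_keymgmt = NULL;
    int iter, worst;

    used = 0;
    pool[0].frees = pool[1].frees = 0;

    for (iter = 1; iter < 3; iter++) {
        /* Release the previous iteration's results before retrying. */
        obj_free(signature);
        obj_free(tmp_keymgmt);
        if (null_after_free) {      /* the fix: leave no dangling pointers */
            signature = NULL;
            tmp_keymgmt = NULL;
        }
        if (iter == 2) {            /* constructed failure: fetch returns NULL */
            signature = NULL;
            goto notsupported;
        }
        signature = obj_fetch();    /* iteration 1 succeeds, then falls back */
        tmp_keymgmt = obj_fetch();
    }
notsupported:
    obj_free(tmp_keymgmt);          /* generic cleanup at function end */
    worst = pool[0].frees > pool[1].frees ? pool[0].frees : pool[1].frees;
    return worst;
}

int main(void)
{
    printf("without NULL reset: max frees = %d\n", sigver_init_model(0));
    printf("with NULL reset:    max frees = %d\n", sigver_init_model(1));
    return 0;
}
```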