From ecb4757b377ffb468b39bee76ed6d38f6bf51416 Mon Sep 17 00:00:00 2001 From: yangxuqing <43904538+RigelYoung@users.noreply.github.com> Date: Sat, 23 May 2026 10:33:35 +0800 Subject: [PATCH] crypto/evp/m_sigver.c: fix potential double free on error path in do_sigver_init In do_sigver_init(), if the for loop proceeds to its second iteration (iter = 2), the results from the first iteration (signature and tmp_keymgmt) are explicitly freed at the beginning of the loop. However, the pointers are not set to NULL after being freed. If an error occurs subsequently during this second iteration (for example, if evp_signature_fetch_from_prov() returns NULL, triggering a goto notsupported), the control flow jumps to the generic cleanup block at the end of the function. This cleanup block calls EVP_KEYMGMT_free(tmp_keymgmt) again on the dangling pointer, resulting in a double free. This commit resolves the issue by explicitly nullifying these pointers immediately after they are freed at the start of the loop iteration. (Note: This issue was discussed with the OpenSSL Security Team, who classified it as a regular bug due to lack of attacker control and requested a public PR.) Fixes: 839ffdd11cd4 "EVP: Allow a fallback for operations that work with an EVP_PKEY" CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Eugene Syromiatnikov MergeDate: Tue May 26 15:28:15 2026 (Merged from https://github.com/openssl/openssl/pull/31276) --- crypto/evp/m_sigver.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index d296ef113fa..a79d6568049 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -131,7 +131,9 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, * iteration we're on. */ EVP_SIGNATURE_free(signature); + signature = NULL; EVP_KEYMGMT_free(tmp_keymgmt); + tmp_keymgmt = NULL; switch (iter) { case 1: -- 2.47.3
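Review bot: the two `= NULL` assignments directly after `EVP_SIGNATURE_free(signature);` and `EVP_KEYMGMT_free(tmp_keymgmt);` are the right minimal fix, since the generic cleanup at the end of the function will then see NULL on the second-iteration error paths (the `goto notsupported` case named in the description) and the free calls tolerate NULL; the comment just above the hunk still only explains why the frees happen, so consider extending it to say the pointers are reset so that the end-of-function cleanup cannot free them a second time. A regression test that makes the signature fetch fail on the second iteration (`iter == 2`) would lock this in, as nothing in the patch exercises that path.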