Fix potential double free in rsa_keygen pairwise test.
authorShane Lontis <shane.lontis@oracle.com>
Wed, 17 Jun 2020 07:26:47 +0000 (17:26 +1000)
committerRichard Levitte <levitte@openssl.org>
Tue, 23 Jun 2020 10:28:48 +0000 (12:28 +0200)
It should never hit this branch of code, so there is no feasible test.
Found due to a similar issue in PR #12176.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12177)

crypto/rsa/rsa_gen.c

index e391f64..1cdc8d9 100644 (file)
@@ -451,6 +451,12 @@ static int rsa_keygen(OPENSSL_CTX *libctx, RSA *rsa, int bits, int primes,
             BN_clear_free(rsa->dmp1);
             BN_clear_free(rsa->dmq1);
             BN_clear_free(rsa->iqmp);
+            rsa->d = NULL;
+            rsa->p = NULL;
+            rsa->q = NULL;
+            rsa->dmp1 = NULL;
+            rsa->dmq1 = NULL;
+            rsa->iqmp = NULL;
         }
     }
     return ok;