OPENSSL_LH_flush(): assign NULL after freeing
authorRichard Levitte <levitte@openssl.org>
Thu, 18 Apr 2019 14:33:21 +0000 (16:33 +0200)
committerRichard Levitte <levitte@openssl.org>
Fri, 19 Apr 2019 08:24:16 +0000 (10:24 +0200)
OPENSSL_LH_flush() frees the linked lists for each slot, but didn't
set the list head to NULL after doing so, with the result that an
operation that affects these lists is likely to cause a crash.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8781)

crypto/lhash/lhash.c

index aa0ca1c..e3c7ac4 100644 (file)
@@ -98,6 +98,7 @@ void OPENSSL_LH_flush(OPENSSL_LHASH *lh)
             OPENSSL_free(n);
             n = nn;
         }
+        lh->b[i] = NULL;
     }
 }