Fix a use after free issue when a provider context is being used and isn't cached
authorPauli <ppzgs1@gmail.com>
Wed, 3 Feb 2021 07:47:38 +0000 (17:47 +1000)
committerPauli <ppzgs1@gmail.com>
Thu, 4 Feb 2021 04:35:25 +0000 (14:35 +1000)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14053)

crypto/evp/digest.c

index 46f4d201d99e2fc9a95a2d748bf7abedf4778ec7..e89b591978f97351a5bf22609851c2503c81b559 100644 (file)
 
 void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force)
 {
-    EVP_MD_free(ctx->fetched_digest);
-    ctx->fetched_digest = NULL;
-    ctx->reqdigest = NULL;
-
     if (ctx->provctx != NULL) {
-        if (ctx->digest->freectx != NULL)
+        if (ctx->digest != NULL && ctx->digest->freectx != NULL)
             ctx->digest->freectx(ctx->provctx);
         ctx->provctx = NULL;
         EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
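Review bot: With the added `ctx->digest != NULL` test, a context that has a `provctx` but no `digest` now has `provctx` set to NULL without `freectx` being called, so the provider-side state would be dropped without being released. Whether that combination can occur is not visible from this hunk. If it is never expected, the guard should say so, e.g. `/* provctx is only set together with digest; with no digest there is no freectx to call */`. The function body continues past the end of this hunk.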
@@ -55,6 +51,11 @@ void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force)
     ENGINE_finish(ctx->engine);
     ctx->engine = NULL;
 #endif
+
+    /* Non legacy code, this has to be later than the ctx->digest cleaning */
+    EVP_MD_free(ctx->fetched_digest);
+    ctx->fetched_digest = NULL;
+    ctx->reqdigest = NULL;
 }
 
 /* This call frees resources associated with the context */
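Review bot: After the relocated `EVP_MD_free(ctx->fetched_digest)`, the hunk clears `fetched_digest` and `reqdigest` but leaves `ctx->digest` untouched. If `ctx->digest` is the same object as `fetched_digest` and this was the last reference (the uncached case the commit title describes), the context still holds a pointer to freed memory on return. The lines between the two hunks are not shown and callers may wipe the context afterwards, so this needs confirming; if nothing else resets it, adding `ctx->digest = NULL;` after the free (at least when `force` is set) would stop a later reuse from dereferencing it. The new comment should also state the reason for the ordering, e.g. `/* ctx->digest may be the same object as fetched_digest, so free it only after the last use of ctx->digest above */`.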