Add deep copy of propq field in mac_dupctx to avoid double free
authorzekeevans-mf <77804765+zekeevans-mf@users.noreply.github.com>
Thu, 21 Jan 2021 19:24:51 +0000 (12:24 -0700)
committerTomas Mraz <tomas@openssl.org>
Thu, 18 Feb 2021 11:11:53 +0000 (12:11 +0100)
commitbcb61b39b47419b9de1dbc37cd2f67b71eeb23ea
tree3dad4b6111b94d81acc44a8555b211db24c8ae07
parent5d8ffebbcdf4992d3c428201b1f3330020bbe92e
Add deep copy of propq field in mac_dupctx to avoid double free

mac_dupctx() should make a copy of the propq field. Currently it
does a shallow copy which can result in a double free and crash.
The double free occurs when using a provider property string.
For example, passing in "fips=no" to SSL_CTX_new_ex() causes the
propq field to get set to that value. When mac_dupctx() and
mac_freectx() is called (ie: in SSL_write()) it ends up freeing
the reference of the original object instead of a copy.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13926)
providers/implementations/signature/mac_legacy.c