evp_pkey_ctx_free_old_ops(): Make sure to assign NULL to freed pointers
author Richard Levitte <levitte@openssl.org>
Tue, 29 Oct 2019 21:17:19 +0000 (22:17 +0100)
committer Richard Levitte <levitte@openssl.org>
Thu, 31 Oct 2019 11:26:59 +0000 (12:26 +0100)
Otherwise, should this function be called more than once on the same
EVP_PKEY_CTX, we get double free issues.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10292)

crypto/evp/pmeth_lib.c

index 1186e5b..350d963 100644 (file)
@@ -201,10 +201,14 @@ void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx)
         if (ctx->op.kex.exchprovctx != NULL && ctx->op.kex.exchange != NULL)
             ctx->op.kex.exchange->freectx(ctx->op.kex.exchprovctx);
         EVP_KEYEXCH_free(ctx->op.kex.exchange);
+        ctx->op.kex.exchprovctx = NULL;
+        ctx->op.kex.exchange = NULL;
     } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
         if (ctx->op.sig.sigprovctx != NULL && ctx->op.sig.signature != NULL)
             ctx->op.sig.signature->freectx(ctx->op.sig.sigprovctx);
         EVP_SIGNATURE_free(ctx->op.sig.signature);
+        ctx->op.sig.sigprovctx = NULL;
+        ctx->op.sig.signature = NULL;
     }
 }
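
Review bot: In both branches the provider context pointer is now cleared unconditionally, but freectx() only runs when the context and the method pointer are both non-NULL. If exchprovctx (or sigprovctx) were ever set while exchange (or signature) is NULL, the new assignment would drop the only reference without freeing it. If that state cannot occur, a short comment saying so would settle it. A comment above the function stating that it is safe to call more than once on the same EVP_PKEY_CTX would also record the property the commit message relies on.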