From: Matt Caswell Date: Mon, 14 Mar 2016 17:06:19 +0000 (+0000) Subject: Fix a potential double free in EVP_DigestInit_ex X-Git-Tag: OpenSSL_1_0_2h~32 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=e78dc7e279ed98e1ab9845a70d14dafdfdc88f58;p=oweals%2Fopenssl.git Fix a potential double free in EVP_DigestInit_ex There is a potential double free in EVP_DigestInit_ex. This is believed to be reached only as a result of programmer error - but we should fix it anyway. Issue reported by Guido Vranken. Reviewed-by: Richard Levitte (cherry picked from commit ffe9150b1508a0ffc9e724f975691f24eb045c05) --- diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index f2643f3248..5b642b23fc 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -212,8 +212,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) } #endif if (ctx->digest != type) { - if (ctx->digest && ctx->digest->ctx_size) + if (ctx->digest && ctx->digest->ctx_size) { OPENSSL_free(ctx->md_data); + ctx->md_data = NULL; + } ctx->digest = type; if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { ctx->update = type->update;