From f4aa4d519c61b8d91307a436427a03925fe149e4 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Tue, 13 Nov 2018 01:25:13 +0000
Subject: NULL out mdctx to prevent possible double free introduced in version
 1.4 Spotted by maestre@, ok tb@

---
 src/lib/libssl/tls13_key_schedule.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/lib/libssl/tls13_key_schedule.c')

diff --git a/src/lib/libssl/tls13_key_schedule.c b/src/lib/libssl/tls13_key_schedule.c
index af273d6d27..8a0b3e8af4 100644
--- a/src/lib/libssl/tls13_key_schedule.c
+++ b/src/lib/libssl/tls13_key_schedule.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_key_schedule.c,v 1.6 2018/11/10 01:34:02 jsing Exp $ */
+/* $OpenBSD: tls13_key_schedule.c,v 1.7 2018/11/13 01:25:13 beck Exp $ */
 /* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -151,6 +151,7 @@ tls13_secrets_create(const EVP_MD *digest, int resumption)
 	if (!EVP_DigestFinal_ex(mdctx, secrets->empty_hash.data, &mdlen))
 		goto err;
 	EVP_MD_CTX_free(mdctx);
+	mdctx = NULL;
 
 	if (secrets->empty_hash.len != mdlen)
 		goto err;
-- 
cgit v1.2.3-55-g6feb