From 0af4f789497e3f3ba6818138f64585c080464044 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 10 Jan 2022 10:51:31 +0000
Subject: Prevent a double free in EVP_MD_CTX_copy_ex()

NULL out two pointer values after memcpy() to avoid a double free.
In the event that both in->pctx and in->md_data are non-NULL and
the calloc() of out->md_data fails, a double free could occur.

ok inoguchi jsing
---
 src/lib/libcrypto/evp/digest.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index fd42318044..ecb5292532 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: digest.c,v 1.33 2022/01/09 15:15:25 tb Exp $ */
+/* $OpenBSD: digest.c,v 1.34 2022/01/10 10:51:31 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -281,6 +281,8 @@ EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
 		tmp_buf = NULL;
 	EVP_MD_CTX_cleanup(out);
 	memcpy(out, in, sizeof *out);
+	out->md_data = NULL;
+	out->pctx = NULL;
 
 	/*
 	 * Because of the EVP_PKEY_CTX_dup() below, EVP_MD_CTX_cleanup() needs
-- 
cgit v1.2.3-55-g6feb