diff options
| author | Richard Levitte <levitte@openssl.org> | 2015-12-18 13:03:45 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2016-01-02 20:39:24 +0100 |
| commit | 6aa0ba4bb2833b1e0d6ae98c54c79bfed8257c3a (patch) | |
| tree | 05e7d8bc8448da1a1f83a0e37761a06f171a7de3 | |
| parent | Protocol version selection and negotiation rewrite (diff) | |
| download | openssl-6aa0ba4bb2833b1e0d6ae98c54c79bfed8257c3a.tar.xz openssl-6aa0ba4bb2833b1e0d6ae98c54c79bfed8257c3a.zip | |
Fix a possible memleak
If there's a failure allocating md_data, the destination pctx will have
a shared pointer with the source EVP_MD_CTX, which will lead to problems
when either the source or the destination is freed.
Reviewed-by: Stephen Henson <steve@openssl.org>
| -rw-r--r-- | crypto/evp/digest.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 5da0e01039..33688f99e4 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -312,6 +312,13 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) EVP_MD_CTX_reset(out); memcpy(out, in, sizeof(*out)); + /* Null these variables, since they are getting fixed up + * properly below. Anything else may cause a memleak and/or + * double free if any of the memory allocations below fail + */ + out->md_data = NULL; + out->pctx = NULL; + if (in->md_data && out->digest->ctx_size) { if (tmp_buf) out->md_data = tmp_buf; |