engine: fix double free on error path.

In function try_decode_PKCS8Encrypted, p8 is freed via X509_SIG_free() at line 481. If function new_EMBEDDED() returns a null pointer at line 483, the execution will goto nop8. In the nop8 branch, p8 is freed again at line 491. Bug reported by @Yunlongs Fixes #14915 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14921)
author: Pauli <pauli@openssl.org> 2021-04-19 00:57:18 +0200
committer: Pauli <pauli@openssl.org> 2021-04-21 01:17:22 +0200
commit: efe8d69daa1a68be0a7f0f73220947c848e7ed1d (patch)
tree: 50ab5910e13006a82ce9f6edd684ca822da9a667 /engines
parent: ts: fix double free on error path. (diff)
download: openssl-efe8d69daa1a68be0a7f0f73220947c848e7ed1d.tar.xz
openssl-efe8d69daa1a68be0a7f0f73220947c848e7ed1d.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/engines/e_loader_attic.c b/engines/e_loader_attic.c
index 3ec31f8fc7..802b3d9067 100644
--- a/engines/e_loader_attic.c
+++ b/engines/e_loader_attic.c
@@ -479,6 +479,7 @@ static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name,
     mem->data = (char *)new_data;
     mem->max = mem->length = (size_t)new_data_len;
     X509_SIG_free(p8);
+    p8 = NULL;
 
     store_info = new_EMBEDDED(PEM_STRING_PKCS8INF, mem);
     if (store_info == NULL) {
author	Pauli <pauli@openssl.org>	2021-04-19 00:57:18 +0200
committer	Pauli <pauli@openssl.org>	2021-04-21 01:17:22 +0200
commit	efe8d69daa1a68be0a7f0f73220947c848e7ed1d (patch)
tree	50ab5910e13006a82ce9f6edd684ca822da9a667 /engines
parent	ts: fix double free on error path. (diff)
download	openssl-efe8d69daa1a68be0a7f0f73220947c848e7ed1d.tar.xz openssl-efe8d69daa1a68be0a7f0f73220947c848e7ed1d.zip