From 6cf811e8678b23d03621c94a562181eb73ccc2e0 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 9 Jun 2021 16:27:05 +0200
Subject: ossl_provider_set_module_path: Prevent potential UAF

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15680)
---
 crypto/provider_core.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'crypto')

diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index 30fa44d789..c6a8fa3f26 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -483,6 +483,7 @@ void ossl_provider_free(OSSL_PROVIDER *prov)
 int ossl_provider_set_module_path(OSSL_PROVIDER *prov, const char *module_path)
 {
     OPENSSL_free(prov->path);
+    prov->path = NULL;
     if (module_path == NULL)
         return 1;
     if ((prov->path = OPENSSL_strdup(module_path)) != NULL)
-- 
cgit v1.2.3