From ffe9150b1508a0ffc9e724f975691f24eb045c05 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 14 Mar 2016 17:06:19 +0000 Subject: [PATCH] Fix a potential double free in EVP_DigestInit_ex There is a potential double free in EVP_DigestInit_ex. This is believed to be reached only as a result of programmer error - but we should fix it anyway. Issue reported by Guido Vranken. Reviewed-by: Richard Levitte --- crypto/evp/digest.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index f89f1c844..0ed884565 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -219,8 +219,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) } #endif if (ctx->digest != type) { - if (ctx->digest && ctx->digest->ctx_size) + if (ctx->digest && ctx->digest->ctx_size) { OPENSSL_free(ctx->md_data); + ctx->md_data = NULL; + } ctx->digest = type; if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { ctx->update = type->update;