Fix a possible memleak

If there's a failure allocating md_data, the destination pctx will have a shared pointer with the source EVP_MD_CTX, which will lead to problems when either the source or the destination is freed. Reviewed-by: Stephen Henson <steve@openssl.org>
author: Richard Levitte <levitte@openssl.org> 2015-12-18 13:03:45 +0100
committer: Richard Levitte <levitte@openssl.org> 2016-01-02 20:39:24 +0100
commit: 6aa0ba4bb2833b1e0d6ae98c54c79bfed8257c3a (patch)
tree: 05e7d8bc8448da1a1f83a0e37761a06f171a7de3
parent: 4fa52141b08fca89250805afcf2f112a2e0d3500 (diff)
download: openssl-6aa0ba4bb2833b1e0d6ae98c54c79bfed8257c3a.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 5da0e01039..33688f99e4 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -312,6 +312,13 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
     EVP_MD_CTX_reset(out);
     memcpy(out, in, sizeof(*out));
 
+    /* Null these variables, since they are getting fixed up
+     * properly below.  Anything else may cause a memleak and/or
+     * double free if any of the memory allocations below fail
+     */
+    out->md_data = NULL;
+    out->pctx = NULL;
+
     if (in->md_data && out->digest->ctx_size) {
         if (tmp_buf)
             out->md_data = tmp_buf;
author	Richard Levitte <levitte@openssl.org>	2015-12-18 13:03:45 +0100
committer	Richard Levitte <levitte@openssl.org>	2016-01-02 20:39:24 +0100
commit	6aa0ba4bb2833b1e0d6ae98c54c79bfed8257c3a (patch)
tree	05e7d8bc8448da1a1f83a0e37761a06f171a7de3
parent	4fa52141b08fca89250805afcf2f112a2e0d3500 (diff)
download	openssl-6aa0ba4bb2833b1e0d6ae98c54c79bfed8257c3a.tar.gz