Fix a potential double free in EVP_DigestInit_ex

There is a potential double free in EVP_DigestInit_ex. This is believed to be reached only as a result of programmer error - but we should fix it anyway. Issue reported by Guido Vranken. Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-03-14 17:06:19 +0000
committer: Matt Caswell <matt@openssl.org> 2016-03-18 11:40:00 +0000
commit: ffe9150b1508a0ffc9e724f975691f24eb045c05 (patch)
tree: 651da86d34f39172f94feae0db3975bf4de15e0d
parent: 507c7c0ed6cbecbe16114dbbbb9fecc5ce5863a4 (diff)
download: openssl-ffe9150b1508a0ffc9e724f975691f24eb045c05.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index f89f1c8447..0ed884565a 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -219,8 +219,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
     }
 #endif
     if (ctx->digest != type) {
-        if (ctx->digest && ctx->digest->ctx_size)
+        if (ctx->digest && ctx->digest->ctx_size) {
             OPENSSL_free(ctx->md_data);
+            ctx->md_data = NULL;
+        }
         ctx->digest = type;
         if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
             ctx->update = type->update;
author	Matt Caswell <matt@openssl.org>	2016-03-14 17:06:19 +0000
committer	Matt Caswell <matt@openssl.org>	2016-03-18 11:40:00 +0000
commit	ffe9150b1508a0ffc9e724f975691f24eb045c05 (patch)
tree	651da86d34f39172f94feae0db3975bf4de15e0d
parent	507c7c0ed6cbecbe16114dbbbb9fecc5ce5863a4 (diff)
download	openssl-ffe9150b1508a0ffc9e724f975691f24eb045c05.tar.gz