Google Git
Sign in
boringssl/boringssl.git/c087c332f89b86b7fc6768e461c97a5ef24b1670^!/.
commit
c087c332f89b86b7fc6768e461c97a5ef24b1670
[log]
author
Steven Valdez <svaldez@google.com>
Tue Mar 22 11:14:22 2016 -0400
committer
David Benjamin <davidben@google.com>
Tue Mar 22 15:17:32 2016 +0000
tree
7a70c1fee150149f779692dfa3f998eaec8fa344
parent
be1224882962b63b716ef717377db75f0a805de5 [diff]
Fix potential double free in EVP_DigestInit_ex

There is a potential double free in EVP_DigestInit_ex. This is believed
to be reached only as a result of programmer error - but we should fix it
anyway.

(Imported from upstream's e78dc7e279ed98e1ab9845a70d14dafdfdc88f58)

Change-Id: I1da7be7db7afcbe9f30f168df000d64ed73d7edd
Reviewed-on: https://boringssl-review.googlesource.com/7541
Reviewed-by: David Benjamin <davidben@google.com>

diff --git a/crypto/digest/digest.c b/crypto/digest/digest.c
index eb71b07..f47cd0a 100644
--- a/crypto/digest/digest.c
+++ b/crypto/digest/digest.c

@@ -166,6 +166,7 @@
   if (ctx->digest != type) {
     if (ctx->digest && ctx->digest->ctx_size > 0) {
       OPENSSL_free(ctx->md_data);
+      ctx->md_data = NULL;
     }
     ctx->digest = type;
     if (type->ctx_size > 0) {