The branch master has been updated via 33df7cbe5e38feb0cf962386bcac061c3743ecf2 (commit) from c81eed84e4e9025e933778f5e8326b1e4435e094 (commit)
- Log ----------------------------------------------------------------- commit 33df7cbe5e38feb0cf962386bcac061c3743ecf2 Author: Tomas Mraz <to...@openssl.org> Date: Thu Dec 16 16:24:44 2021 +0100 ossl_provider_add_to_store: Avoid use-after-free Avoid freeing a provider that was not up-ref-ed before. Fixes #17292 Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17295) ----------------------------------------------------------------------- Summary of changes: crypto/provider_core.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 1d5787a648..e04734c12e 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -602,6 +602,9 @@ int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov, OSSL_PROVIDER tmpl = { 0, }; OSSL_PROVIDER *actualtmp = NULL; + if (actualprov != NULL) + *actualprov = NULL; + if ((store = get_provider_store(prov->libctx)) == NULL) return 0; @@ -658,7 +661,7 @@ int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov, err: CRYPTO_THREAD_unlock(store->lock); if (actualprov != NULL) - ossl_provider_free(actualtmp); + ossl_provider_free(*actualprov); return 0; }