ossl_provider_add_to_store: Avoid use-after-free

Avoid freeing a provider that was not up-ref-ed before. Fixes #17292 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17295)
author: Tomas Mraz <tomas@openssl.org> 2021-12-16 16:24:44 +0100
committer: Tomas Mraz <tomas@openssl.org> 2021-12-17 17:33:49 +0100
commit: 33df7cbe5e38feb0cf962386bcac061c3743ecf2 (patch)
tree: c88c65081b3eb620ca3cf72ed683cdeb1381599b /crypto/provider_core.c
parent: c81eed84e4e9025e933778f5e8326b1e4435e094 (diff)
download: openssl-new-33df7cbe5e38feb0cf962386bcac061c3743ecf2.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index 1d5787a648..e04734c12e 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -602,6 +602,9 @@ int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov,
     OSSL_PROVIDER tmpl = { 0, };
     OSSL_PROVIDER *actualtmp = NULL;
 
+    if (actualprov != NULL)
+        *actualprov = NULL;
+
     if ((store = get_provider_store(prov->libctx)) == NULL)
         return 0;
 
@@ -658,7 +661,7 @@ int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov,
  err:
     CRYPTO_THREAD_unlock(store->lock);
     if (actualprov != NULL)
-        ossl_provider_free(actualtmp);
+        ossl_provider_free(*actualprov);
     return 0;
 }
author	Tomas Mraz <tomas@openssl.org>	2021-12-16 16:24:44 +0100
committer	Tomas Mraz <tomas@openssl.org>	2021-12-17 17:33:49 +0100
commit	33df7cbe5e38feb0cf962386bcac061c3743ecf2 (patch)
tree	c88c65081b3eb620ca3cf72ed683cdeb1381599b /crypto/provider_core.c
parent	c81eed84e4e9025e933778f5e8326b1e4435e094 (diff)
download	openssl-new-33df7cbe5e38feb0cf962386bcac061c3743ecf2.tar.gz