authorMatt Caswell <matt@openssl.org>2020-03-30 14:15:06 +0100
committerMatt Caswell <matt@openssl.org>2020-04-01 17:16:58 +0100
commitfe56d5951f0b42fd3ff1cf42a96d07f06f9692bc (patch)
tree1545df80547413421ff412b0bf1040b375550b3c /ssl
parenta4a93bbfb0e679eaa249f77c7c4e7e823ca870ef (diff)
Don't double free a DH object
Having created a DH object and assigned it to an EVP_PKEY - we should not free both the EVP_PKEY and the original DH. This will lead to a double free occurring. This issue was discovered and reported by GitHub Security Lab team member Agustin Gianni. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11441)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/statem/statem_clnt.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 534902f9b9..4c4e6cb209 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2152,9 +2152,10 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
ERR_R_EVP_LIB);
goto err;
}
+ dh = NULL;
if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp),
- 0, dh)) {
+ 0, EVP_PKEY_get0_DH(peer_tmp))) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
SSL_R_DH_KEY_TOO_SMALL);
goto err;
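Review bot: The added `dh = NULL;` has no comment explaining that it marks an ownership transfer, so a later cleanup could remove it as a dead store and reintroduce the double free. I would put `/* peer_tmp now owns dh; clear the local so the err path cannot free it a second time */` directly above it. The same comment can note that `EVP_PKEY_get0_DH(peer_tmp)` returns a borrowed pointer, which is why the `ssl_security` call no longer uses the local and why nothing after this point should free that value. The body of `tls_process_ske_dhe` starts and ends outside the hunk, so the cleanup under the `err` label is not visible here and is assumed, from the commit description, to free both `dh` and `peer_tmp`.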