From 7b324bb09f6313b370954fde8f2034a6055d8c2f Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Tue, 20 Oct 2020 14:16:30 +0200
Subject: Avoid potential doublefree on dh object assigned to EVP_PKEY

Fixes regression from 7844f3c784bfc93c9b94ae5a4082f9d01e82e0af

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13194)
---
 ssl/statem/statem_clnt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 3bf8aacfc0..fd3b79c4ef 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2150,6 +2150,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
                  ERR_R_EVP_LIB);
         goto err;
     }
+    dh = NULL;
 
     if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp),
                       0, peer_tmp)) {
-- 
cgit v1.2.3