ossl_provider_add_to_store: Avoid use-after-free

Avoid freeing a provider that was not up-ref-ed before. Fixes #17292 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #17295) (cherry picked from commit 33df7cb)
openssl · Dec 17, 2021 · c526c51 · c526c51
1 parent 1d02ce4
commit c526c51
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
@@ -603,6 +603,9 @@ int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov,
     OSSL_PROVIDER tmpl = { 0, };
     OSSL_PROVIDER *actualtmp = NULL;
 
+    if (actualprov != NULL)
+        *actualprov = NULL;
+
     if ((store = get_provider_store(prov->libctx)) == NULL)
         return 0;
 
@@ -659,7 +662,7 @@ int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov,
  err:
     CRYPTO_THREAD_unlock(store->lock);
     if (actualprov != NULL)
-        ossl_provider_free(actualtmp);
+        ossl_provider_free(*actualprov);
     return 0;
 }