Commit ecb4757b37 for openssl.org

commit ecb4757b377ffb468b39bee76ed6d38f6bf51416
Author: yangxuqing <43904538+RigelYoung@users.noreply.github.com>
Date:   Sat May 23 10:33:35 2026 +0800

    crypto/evp/m_sigver.c: fix potential double free on error path in do_sigver_init

    In do_sigver_init(), if the for loop proceeds to its second iteration
    (iter = 2), the results from the first iteration (signature and
    tmp_keymgmt) are explicitly freed at the beginning of the loop.
    However, the pointers are not set to NULL after being freed.

    If an error occurs subsequently during this second iteration (for
    example, if evp_signature_fetch_from_prov() returns NULL, triggering a
    goto notsupported), the control flow jumps to the generic cleanup block
    at the end of the function. This cleanup block calls
    EVP_KEYMGMT_free(tmp_keymgmt) again on the dangling pointer, resulting
    in a double free.

    This commit resolves the issue by explicitly nullifying these pointers
    immediately after they are freed at the start of the loop iteration.

    (Note: This issue was discussed with the OpenSSL Security Team, who
    classified it as a regular bug due to lack of attacker control and
    requested a public PR.)

    Fixes: 839ffdd11cd4 "EVP: Allow a fallback for operations that work with an EVP_PKEY"
    CLA: trivial

    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    MergeDate: Tue May 26 15:28:15 2026
    (Merged from https://github.com/openssl/openssl/pull/31276)

diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index d296ef113f..a79d656804 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -131,7 +131,9 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
          * iteration we're on.
          */
         EVP_SIGNATURE_free(signature);
+        signature = NULL;
         EVP_KEYMGMT_free(tmp_keymgmt);
+        tmp_keymgmt = NULL;

         switch (iter) {
         case 1:
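Review bot: The two added assignments, `signature = NULL;` and `tmp_keymgmt = NULL;`, carry no comment explaining why they are needed, so a later cleanup could remove them as redundant and reintroduce the double free described in the commit message. Consider extending the existing comment block just above `EVP_SIGNATURE_free(signature);` with one sentence stating that both pointers are freed again by the common cleanup at the end of the function if this iteration fails, and must therefore be reset here. The commit message names only `EVP_KEYMGMT_free(tmp_keymgmt)` as the second free on the error path, while the patch resets both pointers; it would help to state in the message or the comment whether `signature` is also released on that path or is being cleared defensively. The diff touches only `crypto/evp/m_sigver.c`, so there is no test that forces a failure on the second iteration (for example the `evp_signature_fetch_from_prov()` returning NULL case from the message); a regression test for that path, run under a memory sanitizer, would keep this from coming back.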