Commit b5c45d8407 for openssl.org

commit b5c45d8407980ec0963bebc647ed2fb85b94996f
Author: Tomas Mraz <tomas@openssl.org>
Date:   Wed Jan 21 19:10:28 2026 +0100

    rsa_sig.c: Properly duplicate the sig member

    Otherwise a use-after-free and a double free occur when the
    duplicate is freed.

    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    MergeDate: Fri Jan 23 10:37:34 2026
    (Merged from https://github.com/openssl/openssl/pull/29707)

diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
index c11b9daaed..96e631ae6c 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -1347,6 +1347,7 @@ static void *rsa_dupctx(void *vprsactx)
     dstctx->mdctx = NULL;
     dstctx->tbuf = NULL;
     dstctx->propq = NULL;
+    dstctx->sig = NULL;

     if (srcctx->rsa != NULL && !RSA_up_ref(srcctx->rsa))
         goto err;
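Review bot: The run of `dstctx->... = NULL` resets that this hunk extends has no comment saying why it must come before the first `goto err`, and that gap is how `sig` was presumably missed when the member was introduced. The start of rsa_dupctx is outside the hunk, but the resets suggest the context is first copied wholesale from `srcctx`. In that case every owned pointer still aliases the source until it is cleared, and the `err` path calls `rsa_freectx(dstctx)`. I would add above the resets: `/* Clear every owned pointer copied from srcctx before any goto err; rsa_freectx(dstctx) must never release the source's buffers. New owned members need a line here. */`.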
@@ -1373,6 +1374,12 @@ static void *rsa_dupctx(void *vprsactx)
             goto err;
     }

+    if (srcctx->sig != NULL) {
+        dstctx->sig = OPENSSL_memdup(srcctx->sig, srcctx->siglen);
+        if (dstctx->sig == NULL)
+            goto err;
+    }
+
     return dstctx;
 err:
     rsa_freectx(dstctx);
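Review bot: The added `if (dstctx->sig == NULL) goto err;` treats every NULL from `OPENSSL_memdup` as an allocation failure, so a source context holding a non-NULL `sig` with `siglen == 0` could not be duplicated if the helper returns NULL for a zero length. Whether that state is reachable depends on the code that sets `sig`, which is outside this diff, so it is worth confirming. If it is reachable, the guard could read `if (srcctx->sig != NULL && srcctx->siglen > 0) {`, provided a NULL `sig` with zero `siglen` is acceptable to the later verify path. The diff touches only rsa_sig.c; a regression test that sets a signature, duplicates the context and frees both copies under a memory sanitizer would keep this from recurring. rsa_dupctx starts before and ends after this hunk.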