From e78dc7e279ed98e1ab9845a70d14dafdfdc88f58 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 14 Mar 2016 17:06:19 +0000
Subject: [PATCH] Fix a potential double free in EVP_DigestInit_ex

There is a potential double free in EVP_DigestInit_ex. This is believed
to be reached only as a result of programmer error - but we should fix it
anyway.

Issue reported by Guido Vranken.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit ffe9150b1508a0ffc9e724f975691f24eb045c05)
---
 crypto/evp/digest.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index f2643f3248..5b642b23fc 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -212,8 +212,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
     }
 #endif
     if (ctx->digest != type) {
-        if (ctx->digest && ctx->digest->ctx_size)
+        if (ctx->digest && ctx->digest->ctx_size) {
             OPENSSL_free(ctx->md_data);
+            ctx->md_data = NULL;
+        }
         ctx->digest = type;
         if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
             ctx->update = type->update;
-- 
2.40.0