From 1bc9b20b1a80f929919fed29c53a353f4e7dc60e Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Wed, 4 Jan 2023 14:21:26 +0100 Subject: [PATCH] pki: Initialize pointers and avoid double-free with OSSL 3.0 Signed-off-by: Jakub Jelen Reviewed-by: Norbert Pocs (cherry picked from commit dac62e7439670595d28d0a6ae0e10590d296b763) --- src/pki_crypto.c | 21 +++++---------------- 1 file changed, 5 insertions(+), 16 deletions(-) diff --git a/src/pki_crypto.c b/src/pki_crypto.c index d41fa7ce..013f569e 100644 --- a/src/pki_crypto.c +++ b/src/pki_crypto.c @@ -2050,7 +2050,7 @@ ssh_string pki_publickey_to_blob(const ssh_key key) #if 0 const void *pubkey; size_t pubkey_len; - OSSL_PARAM *params, *locate_param; + OSSL_PARAM *params = NULL, *locate_param = NULL; #endif /* OPENSSL_VERSION_NUMBER */ type_s = ssh_string_from_char(pki_key_ecdsa_nid_to_char(key->ecdsa_nid)); @@ -2082,13 +2082,6 @@ ssh_string pki_publickey_to_blob(const ssh_key key) e = make_ecpoint_string(EC_KEY_get0_group(key->ecdsa), EC_KEY_get0_public_key(key->ecdsa)); #else - rc = ssh_buffer_add_ssh_string(buffer, type_s); - SSH_STRING_FREE(type_s); - if (rc < 0) { - SSH_BUFFER_FREE(buffer); - return NULL; - } - rc = EVP_PKEY_todata(key->key, EVP_PKEY_PUBLIC_KEY, ¶ms); if (rc < 0) { OSSL_PARAM_free(params); @@ -2109,7 +2102,6 @@ ssh_string pki_publickey_to_blob(const ssh_key key) rc = OSSL_PARAM_get_octet_string_ptr(locate_param, &pubkey, &pubkey_len); if (rc != 1) { OSSL_PARAM_free(params); - OSSL_PARAM_free(locate_param); goto fail; } @@ -2127,7 +2119,6 @@ ssh_string pki_publickey_to_blob(const ssh_key key) #if 0 if (memcpy(ssh_string_data(e), pubkey, pubkey_len) == NULL) { OSSL_PARAM_free(params); - OSSL_PARAM_free(locate_param); goto fail; } #endif /* OPENSSL_VERSION_NUMBER */ @@ -2139,7 +2130,6 @@ ssh_string pki_publickey_to_blob(const ssh_key key) */ #if 0 OSSL_PARAM_free(params); - OSSL_PARAM_free(locate_param); #endif /* OPENSSL_VERSION_NUMBER */ goto fail; } 
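Review bot: Nothing at the `OSSL_PARAM *params = NULL, *locate_param = NULL;` declaration says that only `params` is owned, which is the invariant this commit restores by dropping every `OSSL_PARAM_free(locate_param)`. A comment above the line would help keep the double free from coming back, e.g. `/* params is owned and released with OSSL_PARAM_free(); locate_param and pubkey are borrowed from it and must not be freed or used afterwards */`. This assumes `locate_param` is the result of a lookup inside `params`; the assignment is outside the visible hunks. `pubkey` and `pubkey_len` are still uninitialised next to the two pointers that now start as NULL, so `const void *pubkey = NULL;` and `size_t pubkey_len = 0;` would make the block consistent.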
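Review bot: The failure check after `EVP_PKEY_todata()` in the second hunk is `if (rc < 0)`, but OpenSSL documents that call as returning 1 on success and 0 on failure, so a failed export would not take the error branch. With `params` now initialised to NULL, the code after the check (outside the hunk) would then carry on with a NULL parameter array instead of bailing out. Suggest `if (rc != 1) {`, matching the `rc != 1` test already used for `OSSL_PARAM_get_octet_string_ptr()` in the next hunk. The declarations in the first hunk sit under `#if 0`, so this path may be compiled out today, but the check is worth fixing before it is enabled.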
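Review bot: The `memcpy(ssh_string_data(e), pubkey, pubkey_len) == NULL` test kept in the fourth hunk cannot detect a failed copy. `memcpy` returns its destination, so the branch is taken only when `ssh_string_data(e)` is NULL, and by then the copy into a NULL pointer has already been attempted. Nothing visible here compares `pubkey_len` with the size `e` was allocated with either; the allocation is outside the hunk, so that may be guaranteed there. libssh's `ssh_string_fill()` validates the string and the length before copying, e.g. `if (ssh_string_fill(e, pubkey, pubkey_len) < 0) {`.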
@@ -2153,13 +2143,12 @@ ssh_string pki_publickey_to_blob(const ssh_key key) */ #if 0 OSSL_PARAM_free(params); - OSSL_PARAM_free(locate_param); #endif /* OPENSSL_VERSION_NUMBER */ - if (key->type == SSH_KEYTYPE_SK_ECDSA && - ssh_buffer_add_ssh_string(buffer, key->sk_application) < 0) { - goto fail; - } + if (key->type == SSH_KEYTYPE_SK_ECDSA && + ssh_buffer_add_ssh_string(buffer, key->sk_application) < 0) { + goto fail; + } break; }