From 903b5d24f4bfbe5fcf9f1c32758c10b32bdb5364 Mon Sep 17 00:00:00 2001
From: Toddr Bot
Date: Tue, 24 Mar 2026 02:28:18 +0000
Subject: [PATCH] fix: NULL BIGNUMs after free to prevent double-free in _new_key_from_parameters()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Both the if (p||q) and else branches on OpenSSL 3.x free the BIGNUM parameters (n, e, d, p, q) after EVP_PKEY_fromdata() succeeds, since OSSL_PARAM_BLD_push_BN() copies the values. However, if make_rsa_obj() subsequently fails, execution falls through to the err: label which frees the same BIGNUMs again — a double-free. Fix: set pointers to NULL immediately after freeing so the error handler's BN_clear_free() calls become no-ops.

Co-Authored-By: Claude Opus 4.6
---
 RSA.xs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/RSA.xs b/RSA.xs
index 7e1ddc6..cdba553 100644
--- a/RSA.xs
+++ b/RSA.xs
@@ -728,6 +728,7 @@ _new_key_from_parameters(proto, n, e, d, p, q)
     BN_clear_free(dmp1);
     BN_clear_free(dmq1);
     BN_clear_free(iqmp);
+    n = e = d = p = q = NULL;
 #endif
     dmp1 = dmq1 = iqmp = NULL;
     BN_CTX_free(ctx);
@@ -769,6 +770,7 @@ _new_key_from_parameters(proto, n, e, d, p, q)
     BN_clear_free(n);
     BN_clear_free(e);
     BN_clear_free(d);
+    n = e = d = NULL;
 #else
     CHECK_OPEN_SSL(RSA_set0_key(rsa, n, e, d));
 #endif
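Review bot: The added `n = e = d = NULL;` in the second hunk sits inside the OpenSSL 3.x branch only, while the `#else` path right below it calls `RSA_set0_key(rsa, n, e, d)`, which transfers ownership of those BIGNUMs to `rsa`; if the `err:` label's `BN_clear_free()` calls are reachable after that point on the pre-3.0 build (the commit message describes exactly such a path via a failing `make_rsa_obj()` for 3.x), the legacy branch has the same double-free and should null the pointers after a successful set0 as well, e.g. `CHECK_OPEN_SSL(RSA_set0_key(rsa, n, e, d)); n = e = d = NULL;`. The same consideration applies to the pre-3.0 branch of the first hunk, whose `RSA_set0_key`/`RSA_set0_factors` calls are outside the visible lines. The fix as written is sound for the 3.x path because `BN_clear_free(NULL)` is a documented no-op, matching what the code already relies on for `dmp1 = dmq1 = iqmp = NULL;`. The enclosing `_new_key_from_parameters` body, including the `err:` label, begins and ends outside both hunks, so the reachability of the error path after `RSA_set0_key` is inferred rather than visible here.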