From ac76d6821e0e7e02ed28bd343c58ed49c2200a68 Mon Sep 17 00:00:00 2001
From: Greg Thain <gthain@cs.wisc.edu>
Date: Tue, 22 Jul 2025 15:13:18 -0500
Subject: [PATCH] Fix double free on scitokens systems running on openssl v1

while still not leaking memory on openssl v3 systems
---
 src/scitokens_internal.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/scitokens_internal.cpp b/src/scitokens_internal.cpp
index 0b37773..ff08355 100644
--- a/src/scitokens_internal.cpp
+++ b/src/scitokens_internal.cpp
@@ -516,11 +516,11 @@ std::string rs256_from_coords(const std::string &e_str,
 #else
     std::unique_ptr<RSA, decltype(&RSA_free)> rsa(RSA_new(), RSA_free);
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-    rsa->e = e_bignum.get();
-    rsa->n = n_bignum.get();
+    rsa->e = e_bignum.release();
+    rsa->n = n_bignum.release();
     rsa->d = nullptr;
 #else
-    RSA_set0_key(rsa.get(), n_bignum.get(), e_bignum.get(), nullptr);
+    RSA_set0_key(rsa.get(), n_bignum.release(), e_bignum.release(), nullptr);
 #endif
     std::unique_ptr<EVP_PKEY, decltype(&EVP_PKEY_free)> pkey(EVP_PKEY_new(),
                                                              EVP_PKEY_free);