Transfer ownership before setting unused bits

This looks like a use after free, but setting the unused bits to 0 can't actually fail. ok jsing
author: tb <> 2024-04-17 13:50:01 +0000
committer: tb <> 2024-04-17 13:50:01 +0000
commit: 97b98463467c2f87ba7167b1596449256b4805c7 (patch)
tree: d95029e6da72a4363ba64378d2b6ee8655a5d312 /src
parent: 371c95bd20fe7e9fa658fbe00b43edd117b77336 (diff)
download: openbsd-97b98463467c2f87ba7167b1596449256b4805c7.tar.gz
openbsd-97b98463467c2f87ba7167b1596449256b4805c7.tar.bz2
openbsd-97b98463467c2f87ba7167b1596449256b4805c7.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index 9bcda79b3e..1c2b6be87c 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.55 2024/04/17 13:49:18 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.56 2024/04/17 13:50:01 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -951,10 +951,12 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
                penclen = i2o_ECPublicKey(eckey, &p);
                if (penclen <= 0)
                        goto err;
                ASN1_STRING_set0(pubkey, penc, penclen);
+                penc = NULL;
                if (!asn1_abs_set_unused_bits(pubkey, 0))
                        goto err;
-                penc = NULL;
                X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey),
                    V_ASN1_UNDEF, NULL);
author	tb <>	2024-04-17 13:50:01 +0000
committer	tb <>	2024-04-17 13:50:01 +0000
commit	97b98463467c2f87ba7167b1596449256b4805c7 (patch)
tree	d95029e6da72a4363ba64378d2b6ee8655a5d312 /src
parent	371c95bd20fe7e9fa658fbe00b43edd117b77336 (diff)
download	openbsd-97b98463467c2f87ba7167b1596449256b4805c7.tar.gz openbsd-97b98463467c2f87ba7167b1596449256b4805c7.tar.bz2 openbsd-97b98463467c2f87ba7167b1596449256b4805c7.zip