Don't ignore the reference count in X509_STORE_free.

Based on this upstream commit: bff9ce4db38b297c72a6d84617d71ae2934450f7
which didn't make it into a release until 1.0.2.

Thanks to william at 25thandclement dot com for reporting this!

ok deraadt@ jsing@ beck@

2 files changed, 10 insertions, 2 deletions

diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
index e8151b774a..fdb10023be 100644
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.19 2015/02/10 11:22:21 jsing Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.20 2015/04/25 16:02:55 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -254,6 +254,10 @@ X509_STORE_free(X509_STORE *vfy)
         if (vfy == NULL)
                 return;
 
+        i = CRYPTO_add(&vfy->references, -1, CRYPTO_LOCK_X509_STORE);
+        if (i > 0)
+                return;
+
         sk = vfy->get_cert_methods;
         for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
                 lu = sk_X509_LOOKUP_value(sk, i);
diff --git a/src/lib/libssl/src/crypto/x509/x509_lu.c b/src/lib/libssl/src/crypto/x509/x509_lu.c
index e8151b774a..fdb10023be 100644
--- a/src/lib/libssl/src/crypto/x509/x509_lu.c
+++ b/src/lib/libssl/src/crypto/x509/x509_lu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.19 2015/02/10 11:22:21 jsing Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.20 2015/04/25 16:02:55 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -254,6 +254,10 @@ X509_STORE_free(X509_STORE *vfy)
         if (vfy == NULL)
                 return;
 
+        i = CRYPTO_add(&vfy->references, -1, CRYPTO_LOCK_X509_STORE);
+        if (i > 0)
+                return;
+
         sk = vfy->get_cert_methods;
         for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
                 lu = sk_X509_LOOKUP_value(sk, i);