From f2a500e5bfad3bd2e33845145abfb7a05542c3b2 Mon Sep 17 00:00:00 2001
From: miod <>
Date: Sun, 13 Nov 2016 08:47:54 +0000
Subject: Fix previous change to X509_STORE_add_{cert,crl} to not free the
 input object in the error path - we don't own it.

---
 src/lib/libcrypto/x509/x509_lu.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
index fc1256788e..d8d0bb4147 100644
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.21 2016/11/08 21:22:55 miod Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.22 2016/11/13 08:47:54 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -376,8 +376,10 @@ X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
 
 	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
 
-	if (ret == 0)
+	if (ret == 0) {
+		obj->data.x509 = NULL; /* owned by the caller */
 		X509_OBJECT_free(obj);
+	}
 
 	return ret;
 }
@@ -419,8 +421,10 @@ X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
 
 	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
 
-	if (ret == 0)
+	if (ret == 0) {
+		obj->data.crl = NULL; /* owned by the caller */
 		X509_OBJECT_free(obj);
+	}
 
 	return ret;
 }
-- 
cgit v1.2.3-55-g6feb