From 9d74b492cb913dd2f6ff73e839389649c588d06f Mon Sep 17 00:00:00 2001
From: beck <>
Date: Fri, 4 Dec 2015 04:22:24 +0000
Subject: Fix for OpenSSL CVE-2015-3195

---
 src/lib/libssl/src/crypto/asn1/tasn_dec.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'src/lib/libssl')

diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
index 7b8d55f015..c0b8198b1d 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_dec.c,v 1.25.4.1 2015/03/19 14:01:15 tedu Exp $ */
+/* $OpenBSD: tasn_dec.c,v 1.25.4.2 2015/12/04 04:22:24 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -166,6 +166,10 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
 	int otag;
 	int ret = 0;
 	ASN1_VALUE **pchptr;
+	int combine;
+
+	combine = aclass & ASN1_TFLG_COMBINE;
+	aclass &= ~ASN1_TFLG_COMBINE;
 
 	if (!pval)
 		return 0;
@@ -445,7 +449,8 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
 auxerr:
 	ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
 err:
-	ASN1_item_ex_free(pval, it);
+	if (combine == 0)
+		ASN1_item_ex_free(pval, it);
 	if (errtt)
 		ERR_asprintf_error_data("Field=%s, Type=%s", errtt->field_name,
 		    it->sname);
@@ -640,7 +645,7 @@ asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
 	} else {
 		/* Nothing special */
 		ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-		    -1, 0, opt, ctx);
+		    -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
 		if (!ret) {
 			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
 			    ERR_R_NESTED_ASN1_ERROR);
-- 
cgit v1.2.3-55-g6feb