From 8d7a155e827dd96b3fcf47a54551caa3e14fa961 Mon Sep 17 00:00:00 2001
From: tedu <>
Date: Fri, 18 Apr 2014 15:03:20 +0000
Subject: Some dude named Tavis Ormandy reported a bug which has gone unfixed.
 http://marc.info/?l=openssl-users&m=138014120223264&w=2 Arguably a doc bug,
 but we argue not. If you parse a new cert into memory occupied by a
 previously verified cert, the new cert will inherit that state, bypassing
 future verification checks. To avoid this, we will always start fresh with a
 new object.

grudging ok from guenther, after i threatened to make him read the code yet
again. "that ok was way more painful and tiring then it should have been"
---
 src/lib/libcrypto/asn1/tasn_dec.c         | 5 +++++
 src/lib/libssl/src/crypto/asn1/tasn_dec.c | 5 +++++
 2 files changed, 10 insertions(+)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c
index f19c457169..1ce40039b1 100644
--- a/src/lib/libcrypto/asn1/tasn_dec.c
+++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -171,6 +171,11 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
 
 	if (!pval)
 		return 0;
+	/* always start fresh */
+	if (*pval) {
+		ASN1_item_ex_free(pval, it);
+		*pval = NULL;
+	}
 	if (aux && aux->asn1_cb)
 		asn1_cb = aux->asn1_cb;
 	else
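Review bot: The added block at the top of ASN1_item_ex_d2i frees `*pval` before any input has been parsed, so a decode that fails later has already destroyed the caller's object, and a caller that kept its own copy of the old pointer is left holding freed memory. The comment `/* always start fresh */` does not record the reason or this side effect; I would write `/* Never decode into an existing object: state from an earlier verification would carry over. The old *pval is freed here even if parsing fails below. */`. The function body continues outside the hunk, so it cannot be checked from here whether internal callers reach this path with `pval` pointing at an embedded field or a non-pointer primitive slot; that should be confirmed before relying on the unconditional `*pval = NULL`. The d2i reuse semantics described to API users would need the same update. All of this applies equally to the identical hunk in src/lib/libssl/src/crypto/asn1/tasn_dec.c.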
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
index f19c457169..1ce40039b1 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
@@ -171,6 +171,11 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
 
 	if (!pval)
 		return 0;
+	/* always start fresh */
+	if (*pval) {
+		ASN1_item_ex_free(pval, it);
+		*pval = NULL;
+	}
 	if (aux && aux->asn1_cb)
 		asn1_cb = aux->asn1_cb;
 	else