From 97b98463467c2f87ba7167b1596449256b4805c7 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 17 Apr 2024 13:50:01 +0000
Subject: Transfer ownership before setting unused bits

This looks like a use after free, but setting the unused bits to 0
can't actually fail.

ok jsing
---
 src/lib/libcrypto/ec/ec_ameth.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index 9bcda79b3e..1c2b6be87c 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.55 2024/04/17 13:49:18 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.56 2024/04/17 13:50:01 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -951,10 +951,12 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
 		penclen = i2o_ECPublicKey(eckey, &p);
 		if (penclen <= 0)
 			goto err;
+
 		ASN1_STRING_set0(pubkey, penc, penclen);
+		penc = NULL;
+
 		if (!asn1_abs_set_unused_bits(pubkey, 0))
 			goto err;
-		penc = NULL;
 
 		X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey),
 		    V_ASN1_UNDEF, NULL);
-- 
cgit v1.2.3-55-g6feb