Don't ignore the reference count in X509_STORE_free.
authordoug <doug@openbsd.org>
Sat, 25 Apr 2015 16:02:55 +0000 (16:02 +0000)
committerdoug <doug@openbsd.org>
Sat, 25 Apr 2015 16:02:55 +0000 (16:02 +0000)
Based on this upstream commit: bff9ce4db38b297c72a6d84617d71ae2934450f7
which didn't make it into a release until 1.0.2.

Thanks to william at 25thandclement dot com for reporting this!

ok deraadt@ jsing@ beck@

lib/libcrypto/x509/x509_lu.c
lib/libssl/src/crypto/x509/x509_lu.c

index e8151b7..fdb1002 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.19 2015/02/10 11:22:21 jsing Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.20 2015/04/25 16:02:55 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -254,6 +254,10 @@ X509_STORE_free(X509_STORE *vfy)
        if (vfy == NULL)
                return;
 
+       i = CRYPTO_add(&vfy->references, -1, CRYPTO_LOCK_X509_STORE);
+       if (i > 0)
+               return;
+
        sk = vfy->get_cert_methods;
        for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
                lu = sk_X509_LOOKUP_value(sk, i);
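Review bot: The new guard in X509_STORE_free returns early only for `i > 0`, so a reference count that comes back negative from `CRYPTO_add(&vfy->references, -1, CRYPTO_LOCK_X509_STORE)` (one free too many by a caller) still falls through to the teardown beginning at `sk = vfy->get_cert_methods;`. That path would release the store's members a second time, so it is worth deciding explicitly how an unbalanced free is handled, for example by treating `i < 0` as a caller bug instead of tearing down again, and stating it in a comment such as `/* Only the holder of the last reference (count reaches 0) tears the store down. */`. Reusing `i` for both the decremented count and the loop index that follows also makes the check harder to read; a separate local for the count would be clearer. The same applies to the identical hunk for the second listed x509_lu.c, and the function body continues outside the hunk, so the declaration of `i` and the rest of the teardown are not visible here.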
index e8151b7..fdb1002 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.19 2015/02/10 11:22:21 jsing Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.20 2015/04/25 16:02:55 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -254,6 +254,10 @@ X509_STORE_free(X509_STORE *vfy)
        if (vfy == NULL)
                return;
 
+       i = CRYPTO_add(&vfy->references, -1, CRYPTO_LOCK_X509_STORE);
+       if (i > 0)
+               return;
+
        sk = vfy->get_cert_methods;
        for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
                lu = sk_X509_LOOKUP_value(sk, i);