From: jsing <jsing@openbsd.org>
Date: Mon, 14 Mar 2022 16:35:45 +0000 (+0000)
Subject: Factor out ASN1_STRING clearing code.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=31b410a6e73670311b1214e0b7f9ae426880f048;p=openbsd

Factor out ASN1_STRING clearing code.

This fixes a bug in ASN1_STRING_set0() where it does not respect the
ASN1_STRING_FLAG_NDEF flag and potentially frees memory that we do not own.

ok inguchi@ tb@
---

diff --git a/lib/libcrypto/asn1/a_string.c b/lib/libcrypto/asn1/a_string.c
index 2b5840e9e09..217d28da090 100644
--- a/lib/libcrypto/asn1/a_string.c
+++ b/lib/libcrypto/asn1/a_string.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_string.c,v 1.5 2022/03/14 16:23:29 jsing Exp $ */
+/* $OpenBSD: a_string.c,v 1.6 2022/03/14 16:35:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -85,14 +85,24 @@ ASN1_STRING_type_new(int type)
 	return astr;
 }
 
+static void
+ASN1_STRING_clear(ASN1_STRING *astr)
+{
+	if (!(astr->flags & ASN1_STRING_FLAG_NDEF))
+		freezero(astr->data, astr->length);
+
+	astr->flags &= ~ASN1_STRING_FLAG_NDEF;
+	astr->data = NULL;
+	astr->length = 0;
+}
+ 
 void
 ASN1_STRING_free(ASN1_STRING *astr)
 {
 	if (astr == NULL)
 		return;
 
-	if (astr->data != NULL && !(astr->flags & ASN1_STRING_FLAG_NDEF))
-		freezero(astr->data, astr->length);
+	ASN1_STRING_clear(astr);
 
 	free(astr);
 }
@@ -176,7 +186,8 @@ ASN1_STRING_set(ASN1_STRING *astr, const void *_data, int len)
 void
 ASN1_STRING_set0(ASN1_STRING *astr, void *data, int len)
 {
-	freezero(astr->data, astr->length);
+	ASN1_STRING_clear(astr);
+
 	astr->data = data;
 	astr->length = len;
 }