From c5ff1c048c473018d13479e31f553026cc4c7a49 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Wed, 3 May 2023 10:22:30 +0000
Subject: [PATCH] Fix a use-after-free in filemode

In case the TAL of a self-signed is unavailable, cert would be freed but
we'd still hold a reference to its expired time in expires, so invalidate
that pointer as well.

Found by, initial fix and ok job
---
 usr.sbin/rpki-client/filemode.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/rpki-client/filemode.c b/usr.sbin/rpki-client/filemode.c
index b2e729c337d..2870662c2c5 100644
--- a/usr.sbin/rpki-client/filemode.c
+++ b/usr.sbin/rpki-client/filemode.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: filemode.c,v 1.30 2023/04/26 16:32:41 claudio Exp $ */
+/*	$OpenBSD: filemode.c,v 1.31 2023/05/03 10:22:30 tb Exp $ */
 /*
  * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -478,6 +478,7 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
 		} else {
 			cert_free(cert);
 			cert = NULL;
+			expires = NULL;
 			status = 0;
 		}
 	}
-- 
2.20.1