Fix a crash in reuse of i2d_X509_PUBKEY

If the second PUBKEY is malformed there is use after free. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8122) (cherry picked from commit 5dc40a83c74be579575a512b30d9c1e0364e6a7b)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2019-01-30 16:20:31 +0100
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> 2019-01-31 19:27:37 +0100
commit: 1b66fc87da7c3851d7229993219336afa587f325 (patch)
tree: 9a82855425bd89294239e68a8c56ab6d0e204188 /crypto/x509/x_pubkey.c
parent: df3b7b99a8e38c7bcb0d7f635ceb292c4ed862e8 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index d050b0b4b3..06848a8069 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -36,6 +36,7 @@ static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         /* Attempt to decode public key and cache in pubkey structure. */
         X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
         EVP_PKEY_free(pubkey->pkey);
+        pubkey->pkey = NULL;
         /*
          * Opportunistically decode the key but remove any non fatal errors
          * from the queue. Subsequent explicit attempts to decode/use the key
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2019-01-30 16:20:31 +0100
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	2019-01-31 19:27:37 +0100
commit	1b66fc87da7c3851d7229993219336afa587f325 (patch)
tree	9a82855425bd89294239e68a8c56ab6d0e204188 /crypto/x509/x_pubkey.c
parent	df3b7b99a8e38c7bcb0d7f635ceb292c4ed862e8 (diff)