From 190eb169ed96e72590cae9e6c3258e88c8efc7c0 Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@google.com>
Date: Tue, 19 May 2015 13:34:29 -0700
Subject: external/boringssl: fix use after free in X509.

This change imports upstream's beeb0fa7 and fixes a UAF in X509 if
certain, 1.0.2-only, APIs are used.

Change-Id: If8268c17828f7202ce57421629da1a53a9e4dcc5
---
 src/crypto/x509v3/v3_utl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/crypto/x509v3/v3_utl.c b/src/crypto/x509v3/v3_utl.c
index 27a91ff..d79f0de 100644
--- a/src/crypto/x509v3/v3_utl.c
+++ b/src/crypto/x509v3/v3_utl.c
@@ -879,9 +879,9 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
 		if (astrlen < 0)
 			return -1;
 		rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
-		OPENSSL_free(astr);
 		if (rv > 0 && peername)
 			*peername = BUF_strndup((char *)astr, astrlen);
+		OPENSSL_free(astr);
 		}
 	return rv;
 	}
-- 
cgit v1.1