From 50f1d00beee5e8a8c5126d3318d5f2129efbdd3f Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@chromium.org>
Date: Thu, 30 Jul 2015 23:06:46 -0400
Subject: [PATCH] RT3774: double-free in DSA

(Imported from upstream's 374fd385c2347b965c3490aa1c10025e1339d265.)

This codepath is only reachable on malloc failure if putting DSA private
keys into a PKCS#8 PrivateKeyInfo.

Change-Id: I88052eab3f477c4cdf5749be525878278d966a69
Reviewed-on: https://boringssl-review.googlesource.com/5543
Reviewed-by: Adam Langley <agl@google.com>
---
 crypto/evp/p_dsa_asn1.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/evp/p_dsa_asn1.c b/crypto/evp/p_dsa_asn1.c
index 1668365d..4790cf62 100644
--- a/crypto/evp/p_dsa_asn1.c
+++ b/crypto/evp/p_dsa_asn1.c
@@ -325,6 +325,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) {
   dplen = i2d_ASN1_INTEGER(prkey, &dp);
 
   ASN1_INTEGER_free(prkey);
+  prkey = NULL;
 
   if (!PKCS8_pkey_set0(p8, (ASN1_OBJECT *)OBJ_nid2obj(NID_dsa), 0,
                        V_ASN1_SEQUENCE, params, dp, dplen)) {