From: Shane Lontis <shane.lontis@oracle.com>
Date: Wed, 2 Dec 2020 10:50:32 +0000 (+1000)
Subject: Fix x509_crl propq so that it uses a copy
X-Git-Tag: openssl-3.0.0-alpha10~185
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c22139a78610210a977c3afcc358295b864befa5;p=thirdparty%2Fopenssl.git

Fix x509_crl propq so that it uses a copy

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12700)
---

diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index 1ec79255137..164d425ab26 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -264,6 +264,15 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         ASN1_INTEGER_free(crl->crl_number);
         ASN1_INTEGER_free(crl->base_crl_number);
         sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
+        OPENSSL_free(crl->propq);
+        break;
+    case ASN1_OP_DUP_POST:
+        {
+            X509_CRL *old = exarg;
+
+            if (!x509_crl_set0_libctx(crl, old->libctx, old->propq))
+                return 0;
+        }
         break;
     }
     return 1;
@@ -494,7 +503,13 @@ int x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx, const char *propq)
 {
     if (x != NULL) {
         x->libctx = libctx;
-        x->propq = propq;
+        OPENSSL_free(x->propq);
+        x->propq = NULL;
+        if (propq != NULL) {
+            x->propq = OPENSSL_strdup(propq);
+            if (x->propq == NULL)
+                return 0;
+        }
     }
     return 1;
 }
diff --git a/include/crypto/x509.h b/include/crypto/x509.h
index 7a4ff888dc3..d88cd31902e 100644
--- a/include/crypto/x509.h
+++ b/include/crypto/x509.h
@@ -116,7 +116,7 @@ struct X509_crl_st {
     CRYPTO_RWLOCK *lock;
 
     OSSL_LIB_CTX *libctx;
-    const char *propq;
+    char *propq;
 };
 
 struct x509_revoked_st {