From 29305f4edc886db349f2beedb345f9dd93311c09 Mon Sep 17 00:00:00 2001
From: Kurt Roeckx <kurt@roeckx.be>
Date: Sun, 28 Feb 2016 11:40:12 +0100
Subject: [PATCH] Fix invalid free

Also removes an extra initializer, the master branch has a extra field.

Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 crypto/asn1/tasn_dec.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 97b18358a9..5a507967c8 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -715,9 +715,9 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
 {
     int ret = 0, utype;
     long plen;
-    char cst, inf, free_cont = 1;
+    char cst, inf, free_cont = 0;
     const unsigned char *p;
-    BUF_MEM buf = { 0, NULL, 0, 0 };
+    BUF_MEM buf = { 0, NULL, 0 };
     const unsigned char *cont = NULL;
     long len;
     if (!pval) {
@@ -801,6 +801,9 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
             ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE);
             return 0;
         }
+
+        /* Free any returned 'buf' content */
+        free_cont = 1;
         /*
          * Should really check the internal tags are correct but some things
          * may get this wrong. The relevant specs say that constructed string
-- 
2.25.1