Someone (TM) thought it was smart to save memory by using malloc(1) and

manual field fiddling to create an ASN1_INTEGER object, instead of using
M_ASN1_INTEGER_new() which will allocate sizeof(long) bytes.
That person had probably never looked into malloc(3) and never heard of
allocation size rounding.

Thus, replace the obfuscated code with M_ASN1_INTEGER_new() followed by
ASN1_INTEGER_set(), to achieve a similar result, without the need for
/* version == 0 */ comments.

ok bcook@

1 files changed, 4 insertions, 5 deletions

diff --git a/lib/libcrypto/x509/x509_req.c b/lib/libcrypto/x509/x509_req.c
index 22d2124614e..452ce0a5124 100644
--- a/lib/libcrypto/x509/x509_req.c
+++ b/lib/libcrypto/x509/x509_req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_req.c,v 1.15 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: x509_req.c,v 1.16 2014/09/28 10:50:33 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -86,11 +86,10 @@ X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 
 	ri = ret->req_info;
 
-	ri->version->length = 1;
-	ri->version->data = malloc(1);
-	if (ri->version->data == NULL)
+	if ((ri->version = M_ASN1_INTEGER_new()) == NULL)
+		goto err;
+	if (ASN1_INTEGER_set(ri->version, 0) == 0)
 		goto err;
-	ri->version->data[0] = 0; /* version == 0 */
 
 	if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x)))
 		goto err;