$NetBSD: patch-an,v 1.1 2006/09/30 04:20:24 taca Exp $

# http://secunia.com/advisories/22130/

--- crypto/asn1/tasn_dec.c.orig	2005-05-01 03:16:40.000000000 +0900
+++ crypto/asn1/tasn_dec.c
@@ -628,6 +628,9 @@ static int asn1_d2i_ex_primitive(ASN1_VA
 	if(!ret) {
 		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
 		return 0;
+
+        ret = 0;
+
 	} else if(ret == -1) return -1;
 	/* SEQUENCE, SET and "OTHER" are left in encoded form */
 	if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
@@ -662,7 +665,11 @@ static int asn1_d2i_ex_primitive(ASN1_VA
 		 * internally irrespective of the type. So instead just check
 		 * for UNIVERSAL class and ignore the tag.
 		 */
-		if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err;
+		if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL))
+			{
+			free_cont = 1;
+			goto err;
+			}
 		len = buf.length;
 		/* Append a final null to string */
 		if(!BUF_MEM_grow_clean(&buf, len + 1)) {
@@ -903,7 +910,7 @@ static int asn1_collect(BUF_MEM *buf, un
 			return 0;
 #endif
 		} else {
-			if(!collect_data(buf, &p, plen)) return 0;
+			if(plen && !collect_data(buf, &p, plen)) return 0;
 		}
 		len -= p - q;
 	}
