===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/crl.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- src/usr.bin/openssl/crl.c	2021/10/23 14:49:39	1.14
+++ src/usr.bin/openssl/crl.c	2021/10/31 16:47:27	1.15
@@ -1,4 +1,4 @@
-/* $OpenBSD: crl.c,v 1.14 2021/10/23 14:49:39 tb Exp $ */
+/* $OpenBSD: crl.c,v 1.15 2021/10/31 16:47:27 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -225,7 +225,7 @@
 	X509_STORE *store = NULL;
 	X509_STORE_CTX *ctx = NULL;
 	X509_LOOKUP *lookup = NULL;
-	X509_OBJECT xobj;
+	X509_OBJECT *xobj = NULL;
 	EVP_PKEY *pkey;
 	const EVP_MD *digest;
 	char *digest_name = NULL;
@@ -302,6 +302,8 @@
 
 		if ((ctx = X509_STORE_CTX_new()) == NULL)
 			goto end;
+		if ((xobj = X509_OBJECT_new()) == NULL)
+			goto end;
 
 		if (!X509_STORE_CTX_init(ctx, store, NULL, NULL)) {
 			BIO_printf(bio_err,
@@ -309,14 +311,15 @@
 			goto end;
 		}
 		i = X509_STORE_get_by_subject(ctx, X509_LU_X509,
-		    X509_CRL_get_issuer(x), &xobj);
+		    X509_CRL_get_issuer(x), xobj);
 		if (i <= 0) {
 			BIO_printf(bio_err,
 			    "Error getting CRL issuer certificate\n");
 			goto end;
 		}
-		pkey = X509_get_pubkey(X509_OBJECT_get0_X509(&xobj));
-		X509_OBJECT_free_contents(&xobj);
+		pkey = X509_get_pubkey(X509_OBJECT_get0_X509(xobj));
+		X509_OBJECT_free(xobj);
+		xobj = NULL;
 		if (!pkey) {
 			BIO_printf(bio_err,
 			    "Error getting CRL issuer public key\n");
@@ -436,6 +439,7 @@
 	X509_CRL_free(x);
 	X509_STORE_CTX_free(ctx);
 	X509_STORE_free(store);
+	X509_OBJECT_free(xobj);
 
 	return (ret);
 }