From e48a9babbfcf3a481d5a9358c8282c497ab08cf7 Mon Sep 17 00:00:00 2001
From: Wangchong Zhou <fffonion@gmail.com>
Date: Mon, 3 Feb 2020 15:35:13 +0800
Subject: src/openssl.c: reset bio pointer before reuse in X509_ANY format

---
 regress/177-reset-bio.lua | 35 +++++++++++++++++++++++++++++++++++
 regress/regress.lua       |  2 ++
 src/openssl.c             |  3 +++
 3 files changed, 40 insertions(+)
 create mode 100755 regress/177-reset-bio.lua

diff --git a/regress/177-reset-bio.lua b/regress/177-reset-bio.lua
new file mode 100755
index 0000000..565a511
--- /dev/null
+++ b/regress/177-reset-bio.lua
@@ -0,0 +1,35 @@
+#!/usr/bin/env lua
+
+local regress = require "regress"
+
+local ok, err
+
+local key = regress.pkey.new()
+
+-- generate a minimal certificate and export to DER
+local x509 = regress.x509.new()
+x509:setPublicKey(key)
+x509:sign(key)
+local x509_der = x509:tostring("DER")
+
+ok, err = pcall(regress.x509.new, x509_der)
+regress.check(ok, "failed to load DER certificate: %s", err)
+
+-- generate a minimal crl and export to DER
+local crl = regress.crl.new()
+crl:sign(key)
+local crl_der = crl:tostring("DER")
+
+ok, err = pcall(regress.crl.new, crl_der)
+regress.check(ok, "failed to load DER CRL: %s", err)
+
+-- generate a minimal csr and export to DER
+local csr = regress.csr.new()
+csr:setPublicKey(key)
+csr:sign(key)
+local csr_der = csr:tostring("DER")
+
+ok, err = pcall(regress.csr.new, csr_der)
+regress.check(ok, "failed to load DER CSR: %s", err)
+
+regress.say "OK"
diff --git a/regress/regress.lua b/regress/regress.lua
index 5cdd22d..044e342 100644
--- a/regress/regress.lua
+++ b/regress/regress.lua
@@ -11,6 +11,8 @@ local regress = {
 	chain = require"openssl.x509.chain",
 	store = require"openssl.x509.store",
 	verify_param = require"openssl.x509.verify_param",
+	crl = require"openssl.x509.crl",
+	csr = require"openssl.x509.csr",
 	pack = table.pack or function (...)
 		local t = { ... }
 		t.n = select("#", ...)
diff --git a/src/openssl.c b/src/openssl.c
index 9a9de0f..c3547bb 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -6412,6 +6412,7 @@ static int xc_new(lua_State *L) {
 		}
 
 		if (!ok && (type == X509_DER || type == X509_ANY)) {
+			BIO_reset(tmp);
 			ok = !!(*ud = d2i_X509_bio(tmp, NULL));
 		}
 
@@ -7611,6 +7612,7 @@ static int xr_new(lua_State *L) {
 		}
 
 		if (!ok && (type == X509_DER || type == X509_ANY)) {
+			BIO_reset(tmp);
 			ok = !!(*ud = d2i_X509_REQ_bio(tmp, NULL));
 		}
 
@@ -8037,6 +8039,7 @@ static int xx_new(lua_State *L) {
 		}
 
 		if (!ok && (type == X509_DER || type == X509_ANY)) {
+			BIO_reset(tmp);
 			ok = !!(*ud = d2i_X509_CRL_bio(tmp, NULL));
 		}
 
-- 
cgit v1.2.3-59-g8ed1b