From caf9636770881d35e2b61264d30bb486879c3729 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Wed, 15 Apr 2015 12:33:21 +1000
Subject: [PATCH] 4098. [bug] Address use-after-free issue when using a predecessor key with dnssec-settime. [RT #39272]
(cherry picked from commit bc8f82492dfdfa8b6d58bca850fa328e176cfd91)
---
 CHANGES | 5 ++++-
 bin/dnssec/dnssec-settime.c | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/CHANGES b/CHANGES
index 792531d6f1..79e101de9d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4098. [bug] Address use-after-free issue when using a
+ predecessor key with dnssec-settime. [RT #39272]
+
 4097. [func] Add additional logging about xfrin transfer status.
 [RT #39170]
@@ -92,7 +95,7 @@
 4061. [bug] Handle timeout in legacy system test. [RT #38573]
 4060. [bug] dns_rdata_freestruct could be called on a
- uninitialised structure when handling a error.
+ uninitialized structure when handling a error.
 [RT #38568]
 4059. [bug] Addressed valgrind warnings. [RT #38549]
diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c
index fce63efcc1..e26356c788 100644
--- a/bin/dnssec/dnssec-settime.c
+++ b/bin/dnssec/dnssec-settime.c
@@ -399,7 +399,6 @@ main(int argc, char **argv) {
 "inactive.\n", program);
 changed = setpub = setact = ISC_TRUE;
- dst_key_free(&prevkey);
 } else {
 if (prepub < 0)
 prepub = 0;
@@ -590,6 +589,8 @@ main(int argc, char **argv) {
 printf("%s\n", newname);
 }
+ if (prevkey != NULL)
+ dst_key_free(&prevkey);
 dst_key_free(&key);
 dst_lib_destroy();
 isc_hash_destroy();
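Review bot: The guarded `dst_key_free(&prevkey)` added at the end of main() is only correct if `prevkey` is initialised to NULL at its declaration, which is not visible here because main() starts and ends outside both dnssec-settime.c hunks. Nothing in the new code records why the free was moved out of the predecessor branch (the deletion in the `@@ -399,7 +399,6 @@` hunk), so a later cleanup could move it back and reintroduce the use-after-free. I would add a comment above the new lines, for example `/* Freed here, not in the predecessor branch: see RT #39272 (use-after-free). */`. The declaration of `prevkey` would be worth checking for an explicit `= NULL` in the same review.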