From bc8f82492dfdfa8b6d58bca850fa328e176cfd91 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Wed, 15 Apr 2015 12:33:21 +1000
Subject: [PATCH] 4098. [bug] Address use-after-free issue when using a predecessor key with dnssec-settime. [RT #39272]
---
 CHANGES | 7 +++++--
 bin/dnssec/dnssec-settime.c | 3 ++-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/CHANGES b/CHANGES
index e636214a17..2ffdf0ddfe 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,10 +1,13 @@
+4098. [bug] Address use-after-free issue when using a
+ predecessor key with dnssec-settime. [RT #39272]
+
 4097. [func] Add additional logging about xfrin transfer status. [RT #39170]
 4096. [bug] Fix a use after free of query->sendevent. [RT #39132]
-4095. [bug] zone->options2 was not being properly initalized.
+4095. [bug] zone->options2 was not being properly initialized.
 [RT #39228]
 4094. [bug] A race during shutdown or reconfiguration could
@@ -120,7 +123,7 @@
 4061. [bug] Handle timeout in legacy system test. [RT #38573]
 4060. [bug] dns_rdata_freestruct could be called on a
- uninitialised structure when handling a error.
+ uninitialized structure when handling a error.
 [RT #38568]
 4059. [bug] Addressed valgrind warnings. [RT #38549]
diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c
index 33593c5036..8d784a624b 100644
--- a/bin/dnssec/dnssec-settime.c
+++ b/bin/dnssec/dnssec-settime.c
@@ -409,7 +409,6 @@ main(int argc, char **argv) {
 "inactive.\n", program);
 changed = setpub = setact = ISC_TRUE;
- dst_key_free(&prevkey);
 } else {
 if (prepub < 0) prepub = 0;
@@ -600,6 +599,8 @@ main(int argc, char **argv) {
 printf("%s\n", newname);
 }
+ if (prevkey != NULL)
+ dst_key_free(&prevkey);
 dst_key_free(&key);
 dst_lib_destroy();
 isc_hash_destroy();
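Review bot: In the second dnssec-settime.c hunk, the added `if (prevkey != NULL)` guard is only sound if `prevkey` is initialised to NULL at its declaration and no other path releases it without clearing the pointer; the declaration is outside this hunk, so that should be confirmed. Deferring the release to the end of `main` removes the early free deleted in the first hunk, but nothing at either site records why the key has to stay alive, so a later tidy-up could move the free back and reintroduce the use-after-free. I would add a comment above the guard, for example `/* prevkey is presumably still read after the predecessor block (RT #39272); release it only during final cleanup. */`. A system test that runs the predecessor-key path under a memory checker would catch a regression. `main` starts before and continues after the lines shown, so the uses of `prevkey` between the two hunks are not visible here.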