diff -up openssl-1.0.1e/crypto/asn1/tasn_dec.c.item-reuse openssl-1.0.1e/crypto/asn1/tasn_dec.c

--- openssl-1.0.1e/crypto/asn1/tasn_dec.c.item-reuse	2013-02-11 16:26:04.000000000 +0100

+++ openssl-1.0.1e/crypto/asn1/tasn_dec.c	2015-03-19 15:46:51.097022616 +0100

@@ -310,9 +310,19 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,

 		case ASN1_ITYPE_CHOICE:

 		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))

 				goto auxerr;

-

-		/* Allocate structure */

-		if (!*pval && !ASN1_item_ex_new(pval, it))

+		if (*pval)

+			{

+			/* Free up and zero CHOICE value if initialised */

+			i = asn1_get_choice_selector(pval, it);

+			if ((i >= 0) && (i < it->tcount))

+				{

+				tt = it->templates + i;

+				pchptr = asn1_get_field_ptr(pval, tt);

+				ASN1_template_free(pchptr, tt);

+				asn1_set_choice_selector(pval, -1, it);

+				}

+			}

+		else if (!ASN1_item_ex_new(pval, it))

 			{

 			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,

 						ERR_R_NESTED_ASN1_ERROR);

@@ -407,6 +417,19 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,

 		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))

 				goto auxerr;

+		/* Free up and zero any ADB found */

+		for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)

+			{

+			if (tt->flags & ASN1_TFLG_ADB_MASK)

+				{

+				const ASN1_TEMPLATE *seqtt;

+				ASN1_VALUE **pseqval;

+				seqtt = asn1_do_adb(pval, tt, 1);

+				pseqval = asn1_get_field_ptr(pval, seqtt);

+				ASN1_template_free(pseqval, seqtt);

+				}

+			}

+

 		/* Get each field entry */

 		for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)

 			{