From: Jim Basney <jbasney@illinois.edu>
Date: Wed, 9 Mar 2016 23:11:49 +0000 (-0600)
Subject: Avoid double-free in calleres to OCSP_parse_url
X-Git-Tag: OpenSSL_1_1_0-pre4~101
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=dca7158c954679757e216a0179f9014f86f6ed44;p=openssl

Avoid double-free in calleres to OCSP_parse_url

set pointers to NULL after OPENSSL_free before returning to caller to
avoid possible double-free in caller

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
---

diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 1aaa290a4a..8814190146 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -266,8 +266,11 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
  err:
     OPENSSL_free(buf);
     OPENSSL_free(*ppath);
+    *ppath = NULL;
     OPENSSL_free(*pport);
+    *pport = NULL;
     OPENSSL_free(*phost);
+    *phost = NULL;
     return 0;
 
 }