From dca7158c954679757e216a0179f9014f86f6ed44 Mon Sep 17 00:00:00 2001
From: Jim Basney <jbasney@illinois.edu>
Date: Wed, 9 Mar 2016 17:11:49 -0600
Subject: Avoid double-free in calleres to OCSP_parse_url

set pointers to NULL after OPENSSL_free before returning to caller to
avoid possible double-free in caller

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 crypto/ocsp/ocsp_lib.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 1aaa290a4a..8814190146 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -266,8 +266,11 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
  err:
     OPENSSL_free(buf);
     OPENSSL_free(*ppath);
+    *ppath = NULL;
     OPENSSL_free(*pport);
+    *pport = NULL;
     OPENSSL_free(*phost);
+    *phost = NULL;
     return 0;
 
 }
-- 
cgit v1.2.3