GH837: Avoid double-free in OCSP parse.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index cabf53933a442233328010b0dc31753fe4f46506..ff781e56e73ea207bf9e916f044727e111de3e5d 100644 (file)
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -271,12 +271,18 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
  err:
     if (buf)
         OPENSSL_free(buf);
-    if (*ppath)
+    if (*ppath) {
         OPENSSL_free(*ppath);
-    if (*pport)
+        *ppath = NULL;
+    }
+    if (*pport) {
         OPENSSL_free(*pport);
-    if (*phost)
+        *pport = NULL;
+    }
+    if (*phost) {
         OPENSSL_free(*phost);
+        *phost = NULL;
+    }
     return 0;
 
 }