Avoid double-free in calleres to OCSP_parse_url

set pointers to NULL after OPENSSL_free before returning to caller to
avoid possible double-free in caller

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>

diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 1aaa290a4a2f6c7266446f266a6ec4d9f651ad9f..88141901463e7dc81535a8aa201229c73ad69ff7 100644 (file)
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -266,8 +266,11 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
  err:
     OPENSSL_free(buf);
     OPENSSL_free(*ppath);
+    *ppath = NULL;
     OPENSSL_free(*pport);
+    *pport = NULL;
     OPENSSL_free(*phost);
+    *phost = NULL;
     return 0;
 
 }