This may happen when ssl_cert_dup calls custom_exts_copy, where
a possible memory allocation error causes custom_exts_free
to be called twice: once in the error handling of custom_exts_copy
and a second time in the error handling of ssl_cert_dup.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22772)
OPENSSL_free(meth->parse_arg);
}
OPENSSL_free(exts->meths);
+ exts->meths = NULL;
+ exts->meths_count = 0;
}
/* Return true if a client custom extension exists, false otherwise */