Set sess to NULL after freeing it.
authorKurt Roeckx <kurt@roeckx.be>
Sat, 12 May 2018 10:08:14 +0000 (12:08 +0200)
committerKurt Roeckx <kurt@roeckx.be>
Sat, 12 May 2018 10:19:00 +0000 (12:19 +0200)
Found by OSS-fuzz

Bug introduced in commit 61fb59238dad6452a37ec14513fae617a4faef29

Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #6235

ssl/t1_lib.c

index b312a14..c076782 100644 (file)
@@ -1384,6 +1384,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
         /* Some additional consistency checks */
         if (slen != 0) {
             SSL_SESSION_free(sess);
+            sess = NULL;
             ret = SSL_TICKET_NO_DECRYPT;
             goto end;
         }