From 2ec8284ea214cff7fcdc12e2cad627f70912e7d7 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Thu, 1 Jun 2017 14:26:04 -0400
Subject: [PATCH 1/1] set 'sess = NULL' after freeing it.  Closes #1999

---
 src/main/tls.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/main/tls.c b/src/main/tls.c
index ce7799e..634924d 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -1605,6 +1605,7 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int l
 			/* not safe to un-persist a session w/o VPs */
 			RWDEBUG("Failed loading persisted VPs for session %s", buffer);
 			SSL_SESSION_free(sess);
+			sess = NULL;
 			goto error;
 		}
 
@@ -1618,12 +1619,14 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int l
 			if (ocsp_asn1time_to_epoch(&expires, vp->vp_strvalue) < 0) {
 				RDEBUG2("Failed getting certificate expiration, removing cache entry for session %s", buffer);
 				SSL_SESSION_free(sess);
+				sess = NULL;
 				goto error;
 			}
 
 			if (expires <= request->timestamp) {
 				RDEBUG2("Certificate has expired, removing cache entry for session %s", buffer);
 				SSL_SESSION_free(sess);
+				sess = NULL;
 				goto error;
 			}
 
-- 
2.1.4