Set sess to NULL after freeing it. Found by OSS-fuzz Bug introduced in commit 61fb59238dad6452a37ec14513fae617a4faef29 Reviewed-by: Matt Caswell <matt@openssl.org> GH: #6235
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index b312a14..c076782 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c
@@ -1384,6 +1384,7 @@ /* Some additional consistency checks */ if (slen != 0) { SSL_SESSION_free(sess); + sess = NULL; ret = SSL_TICKET_NO_DECRYPT; goto end; }