Not tested, as the offending code flow is quite obvious "in hindsight", and making the pointer NULL after free() is a sufficient safeguard against double free(). A slightly more readable construction could have used to different "info" variables for the two different scopes, each with its own individual free(), exactly one per variable... but that's a larger change.
Your patch has been applied to the master branch. Application to 2.6 and earlier is not needed, the offending code is new (e9ad1b3 or 3512e8d). commit f7aedca70e24e9a35f0cbd33d1aa708b4daf0055 Author: Lev Stipakov Date: Thu Apr 17 15:46:30 2025 +0200 ssl_openssl.c: Prevent potential double-free Signed-off-by: Lev Stipakov <l...@openvpn.net> Acked-by: Antonio Quartulli <anto...@mandelbit.com> Message-Id: <20250417134636.21279-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31478.html Signed-off-by: Gert Doering <g...@greenie.muc.de> -- kind regards, Gert Doering _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel