From eaacf56ba97e8089344bc85f8a50b00932cd3416 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 19 Aug 2025 09:12:37 +0200
Subject: [PATCH] Avoid doublefree of OCSP_SINGLERESP
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

It is referenced by OCSP_BASICRESP and will be
freed when that is freed.

Issue and a proposed fix reported by Stanislav Fort (Aisle Research).

Reviewed-by: SaÅ¡a NedvÄdickÃ½ <sashan@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28300)
---
 ssl/ssl_lib.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index ce95a748c7e..da99fd26312 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -6461,9 +6461,6 @@ static int ct_extract_ocsp_response_scts(SSL_CONNECTION *s)
 
             scts = OCSP_SINGLERESP_get1_ext_d2i(single,
                                                 NID_ct_cert_scts, NULL, NULL);
-
-            OCSP_SINGLERESP_free(single);
-
             if (scts == NULL)  {
                 scts_extracted = -1;
                 goto err;
-- 
2.47.3