# This patch was developed in house.
# The issue is fixed in the OpenSSL 1.1 release by the upstream,
# but the code base has changed and the same fix can't be applied
# without major code change.
--- a/apps/ts.c	2016-06-21 13:43:24.299079900 -0700
+++ b/apps/ts.c	2016-06-21 14:06:28.055910010 -0700
@@ -299,6 +299,9 @@
             goto usage;
         /* Load the config file for possible policy OIDs. */
         conf = load_config_file(configfile);
+	 if (conf == NULL) {
+            goto cleanup;
+        }
         ret = !query_command(data, digest, md, policy, no_nonce, cert,
                              in, out, text);
         break;
@@ -401,6 +404,7 @@
         else
             BIO_printf(bio_err, "error on line %ld of config file "
                        "'%s'\n", errorline, configfile);
+        goto errexit;
     }
 
     if (conf != NULL) {
@@ -410,18 +414,27 @@
         p = NCONF_get_string(conf, NULL, ENV_OID_FILE);
         if (p != NULL) {
             BIO *oid_bio = BIO_new_file(p, "r");
-            if (!oid_bio)
+            if (!oid_bio) {
                 ERR_print_errors(bio_err);
-            else {
+                goto errexit;
+            } else {
                 OBJ_create_objects(oid_bio);
                 BIO_free_all(oid_bio);
             }
         } else
             ERR_clear_error();
-        if (!add_oid_section(bio_err, conf))
+        if (!add_oid_section(bio_err, conf)) {
             ERR_print_errors(bio_err);
+            goto errexit;
+        }
     }
     return conf;
+
+errexit:
+    if (conf != NULL) {
+	NCONF_free(conf);
+    }
+    return (NULL);
 }
 
 /*