diff -up openssl-1.0.1e/crypto/asn1/x_x509.c.use-after-free openssl-1.0.1e/crypto/asn1/x_x509.c
--- openssl-1.0.1e/crypto/asn1/x_x509.c.use-after-free	2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/asn1/x_x509.c	2015-06-11 11:14:52.581856349 +0200
@@ -170,8 +170,14 @@ X509 *d2i_X509_AUX(X509 **a, const unsig
 {
 	const unsigned char *q;
 	X509 *ret;
+	int freeret = 0;
+
 	/* Save start position */
 	q = *pp;
+
+	if(!a || *a == NULL) {
+		freeret = 1;
+	}
 	ret = d2i_X509(a, pp, length);
 	/* If certificate unreadable then forget it */
 	if(!ret) return NULL;
@@ -181,7 +187,11 @@ X509 *d2i_X509_AUX(X509 **a, const unsig
 	if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
 	return ret;
 	err:
-	X509_free(ret);
+	if(freeret) {
+		X509_free(ret);
+		if (a)
+			*a = NULL;
+	}
 	return NULL;
 }
 
diff -up openssl-1.0.1e/crypto/ec/ec_asn1.c.use-after-free openssl-1.0.1e/crypto/ec/ec_asn1.c
--- openssl-1.0.1e/crypto/ec/ec_asn1.c.use-after-free	2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/ec/ec_asn1.c	2015-06-11 11:14:52.581856349 +0200
@@ -1140,8 +1140,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
                                  ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
-		if (a)
-			*a = ret;
 		}
 	else
 		ret = *a;
@@ -1206,11 +1204,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
 			}
 		}
 
+	if (a)
+		*a = ret;
 	ok = 1;
 err:
 	if (!ok)
 		{
-		if (ret)
+		if (ret && (a == NULL || *a != ret))
 			EC_KEY_free(ret);
 		ret = NULL;
 		}
@@ -1358,8 +1358,6 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, con
 			ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
 			return NULL;
 			}
-		if (a)
-			*a = ret;
 		}
 	else
 		ret = *a;
@@ -1367,9 +1365,14 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, con
 	if (!d2i_ECPKParameters(&ret->group, in, len))
 		{
 		ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
+		if (a == NULL || *a != ret)
+			EC_KEY_free(ret);
 		return NULL;
 		}
 
+	if (a)
+		*a = ret;
+
 	return ret;
 	}