Fix double-free bug in microdesc parser

changes/microdesc-double-free

@@ -0,0 +1,7 @@
+  o Security fixes:
+    - Don't double-free a parsable, but invalid, microdescriptor, even
+      if it is followed in the blob we're parsing by an unparsable
+      microdescriptor.  Fixes an issue reported in a comment on bug 2954.
+      Bugfix on 0.2.2.6-alpha; fix by "cypherpunks".
+
+

src/or/routerparse.c

@@ -4357,6 +4357,7 @@ microdescs_parse_from_string(const char *s, const char *eos,
     md = NULL;
   next:
     microdesc_free(md);
+    md = NULL;
 
     memarea_clear(area);
     smartlist_clear(tokens);