Mbed TLS -- Potential double-free after an out of memory error

Manuel Pégourié-Gonnard reports:

If mbedtls_ssl_set_session() or mbedtls_ssl_get_session() were to
fail with MBEDTLS_ERR_SSL_ALLOC_FAILED (in an out of memory
condition), then calling mbedtls_ssl_session_free() and
mbedtls_ssl_free() in the usual manner would cause an internal
session buffer to be freed twice, due to two structures both having
valid pointers to it after a call to ssl_session_copy().
An attacker could potentially trigger the out of memory condition,
and therefore use this bug to create memory corruption, which could
then be further exploited or targetted.