diff --git a/src/ssl.c b/src/ssl.c index ef24fa9ff..7f11bb4e7 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5744,8 +5744,10 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, file = XFOPEN(fname, "rb"); if (file == XBADFILE) return WOLFSSL_BAD_FILE; - if (XFSEEK(file, 0, XSEEK_END) != 0) + if (XFSEEK(file, 0, XSEEK_END) != 0) { + XFCLOSE(file); return WOLFSSL_BAD_FILE; + } sz = XFTELL(file); XREWIND(file); @@ -5922,8 +5924,10 @@ int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* fname, WOLFSSL_ENTER("wolfSSL_CertManagerVerify"); if (file == XBADFILE) return WOLFSSL_BAD_FILE; - if(XFSEEK(file, 0, XSEEK_END) != 0) + if(XFSEEK(file, 0, XSEEK_END) != 0) { + XFCLOSE(file); return WOLFSSL_BAD_FILE; + } sz = XFTELL(file); XREWIND(file); @@ -6377,8 +6381,10 @@ static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl, file = XFOPEN(fname, "rb"); if (file == XBADFILE) return WOLFSSL_BAD_FILE; - if(XFSEEK(file, 0, XSEEK_END) != 0) + if(XFSEEK(file, 0, XSEEK_END) != 0) { + XFCLOSE(file); return WOLFSSL_BAD_FILE; + } sz = XFTELL(file); XREWIND(file); @@ -8459,8 +8465,10 @@ int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER* cm, const char* fname) return WOLFSSL_BAD_FILE; } - if(XFSEEK(file, 0, XSEEK_END) != 0) + if(XFSEEK(file, 0, XSEEK_END) != 0) { + XFCLOSE(file); return WOLFSSL_BAD_FILE; + } memSz = (int)XFTELL(file); XREWIND(file); @@ -17660,8 +17668,10 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, if (fp == XBADFILE) return BAD_FUNC_ARG; - if(XFSEEK(fp, 0, XSEEK_END) != 0) + if(XFSEEK(fp, 0, XSEEK_END) != 0) { + XFCLOSE(fp); return WOLFSSL_BAD_FILE; + } sz = XFTELL(fp); XREWIND(fp); @@ -21721,8 +21731,10 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) if (file == XBADFILE) return WOLFSSL_BAD_FILE; - if(XFSEEK(file, 0, XSEEK_END) != 0) + if(XFSEEK(file, 0, XSEEK_END) != 0) { + XFCLOSE(file); return WOLFSSL_BAD_FILE; + } sz = XFTELL(file); XREWIND(file); @@ -28172,6 +28184,7 @@ static int pem_read_bio_key(WOLFSSL_BIO* bio, pem_password_cb* cb, void* pass, if (mem == NULL) { WOLFSSL_MSG("Memory error"); XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL); + tmp = NULL; ret = MEMORY_E; break; } @@ -28185,6 +28198,7 @@ static int pem_read_bio_key(WOLFSSL_BIO* bio, pem_password_cb* cb, void* pass, WOLFSSL_MSG("No data to read from bio"); if (mem != NULL) { XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL); + mem = NULL; } ret = BUFFER_E; } @@ -28201,6 +28215,7 @@ static int pem_read_bio_key(WOLFSSL_BIO* bio, pem_password_cb* cb, void* pass, if (info == NULL) { WOLFSSL_MSG("Error getting memory for EncryptedInfo structure"); XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL); + mem = NULL; ret = MEMORY_E; } } @@ -32008,7 +32023,8 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) bufPtr = maxKeyBuf; if (wolfSSL_BIO_read(bio, (unsigned char*)bioMem, (int)bioMemSz) == bioMemSz) { - if ((key = wolfSSL_d2i_RSAPrivateKey(NULL, &bioMem, bioMemSz)) == NULL) { + const byte* bioMemPt = bioMem; /* leave bioMem pointer unaltered */ + if ((key = wolfSSL_d2i_RSAPrivateKey(NULL, &bioMemPt, bioMemSz)) == NULL) { XFREE((unsigned char*)bioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); return NULL; } diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index a8aa85357..4b9b3175c 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -1246,8 +1246,13 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz, return MEMORY_E; } #endif - if (mp_init_multi(x, y, 0, 0, 0, 0) != MP_OKAY) + if (mp_init_multi(x, y, 0, 0, 0, 0) != MP_OKAY) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(y, key->heap, DYNAMIC_TYPE_DH); + XFREE(x, key->heap, DYNAMIC_TYPE_DH); + #endif return MP_INIT_E; + } if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY) ret = MP_READ_E; @@ -1397,6 +1402,11 @@ int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz, #endif if (mp_init_multi(y, p, q, NULL, NULL, NULL) != MP_OKAY) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(q, key->heap, DYNAMIC_TYPE_DH); + XFREE(p, key->heap, DYNAMIC_TYPE_DH); + XFREE(y, key->heap, DYNAMIC_TYPE_DH); + #endif return MP_INIT_E; } @@ -1541,6 +1551,10 @@ int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 privSz, #endif if (mp_init_multi(x, q, NULL, NULL, NULL, NULL) != MP_OKAY) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(q, key->heap, DYNAMIC_TYPE_DH); + XFREE(x, key->heap, DYNAMIC_TYPE_DH); + #endif return MP_INIT_E; } @@ -1657,6 +1671,11 @@ int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz, if (mp_init_multi(publicKey, privateKey, checkKey, NULL, NULL, NULL) != MP_OKAY) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH); + XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH); + XFREE(checkKey, key->heap, DYNAMIC_TYPE_DH); + #endif return MP_INIT_E; } @@ -1838,8 +1857,14 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, #endif #ifndef WOLFSSL_SP_MATH - if (mp_init_multi(x, y, z, 0, 0, 0) != MP_OKAY) + if (mp_init_multi(x, y, z, 0, 0, 0) != MP_OKAY) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(z, key->heap, DYNAMIC_TYPE_DH); + XFREE(x, key->heap, DYNAMIC_TYPE_DH); + XFREE(y, key->heap, DYNAMIC_TYPE_DH); + #endif return MP_INIT_E; + } if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY) ret = MP_READ_E; diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index e9f83b14c..cbf5fa10f 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -3208,8 +3208,13 @@ static int wc_ecc_cmp_param(const char* curveParam, } #endif - if ((err = mp_init_multi(a, b, NULL, NULL, NULL, NULL)) != MP_OKAY) + if ((err = mp_init_multi(a, b, NULL, NULL, NULL, NULL)) != MP_OKAY) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(a, NULL, DYNAMIC_TYPE_ECC); + XFREE(b, NULL, DYNAMIC_TYPE_ECC); + #endif return err; + } if (err == MP_OKAY) err = mp_read_unsigned_bin(a, param, paramSz); @@ -5167,6 +5172,8 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, #ifdef WOLFSSL_SMALL_STACK XFREE(s, key->heap, DYNAMIC_TYPE_ECC); XFREE(r, key->heap, DYNAMIC_TYPE_ECC); + r = NULL; + s = NULL; #endif #endif @@ -5196,6 +5203,15 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, #endif key->state = ECC_STATE_NONE; +#ifdef WOLFSSL_SMALL_STACK + if (err != WC_PENDING_E) { + XFREE(s, key->heap, DYNAMIC_TYPE_ECC); + XFREE(r, key->heap, DYNAMIC_TYPE_ECC); + r = NULL; + s = NULL; + } +#endif + return err; } #endif /* !NO_ASN */ diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 52b995517..c478225b7 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -2074,7 +2074,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, if (keepContent) { /* Create a buffer to hold content of OCTET_STRINGs. */ - pkcs7->contentDynamic = XMALLOC(contentLen, pkcs7->heap, + pkcs7->contentDynamic = (byte*)XMALLOC(contentLen, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (pkcs7->contentDynamic == NULL) ret = MEMORY_E;