From 620e4fa5ca32c8d66a3ab07945653368ef54c882 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Wed, 23 Mar 2016 09:27:27 -0600
Subject: [PATCH 1/2] fix free of WOLFSSL_METHOD pointer on create ctx fail

---
 src/ssl.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/ssl.c b/src/ssl.c
index f6301eea9..c01012dbd 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -154,6 +154,11 @@ static volatile int initRefCount = 0;
 static wolfSSL_Mutex count_mutex;   /* init ref count mutex */
 
 
+/* Create a new WOLFSSL_CTX struct and return the pointer to created struct.
+   WOLFSSL_METHOD pointer passed in is given to ctx to manage.
+   This function frees the passed in WOLFSSL_METHOD struct on failure and on
+   success is freed when ctx is freed.
+ */
 WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)
 {
     WOLFSSL_CTX* ctx = NULL;
@@ -166,6 +171,9 @@ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)
         if (ret != SSL_SUCCESS) {
             WOLFSSL_MSG("wolfSSL_Init failed");
             WOLFSSL_LEAVE("WOLFSSL_CTX_new", 0);
+            if (method != NULL) {
+                XFREE(method, NULL, DYNAMIC_TYPE_METHOD);
+            }
             return NULL;
         }
     }
@@ -177,6 +185,12 @@ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)
     if (ctx) {
         if (InitSSL_Ctx(ctx, method) < 0) {
             WOLFSSL_MSG("Init CTX failed");
+
+            /* check for case when wolfSSL_CTX_free does not free method */
+            if (ctx == NULL) {
+                XFREE(method, NULL, DYNAMIC_TYPE_METHOD);
+            }
+
             wolfSSL_CTX_free(ctx);
             ctx = NULL;
         }

From 8f8f7ac152c7d36034b84092b69861724a69432e Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Wed, 23 Mar 2016 13:40:45 -0600
Subject: [PATCH 2/2] remove unecessary XFREE

---
 src/ssl.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index c01012dbd..4e9b87fd3 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -185,12 +185,6 @@ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)
     if (ctx) {
         if (InitSSL_Ctx(ctx, method) < 0) {
             WOLFSSL_MSG("Init CTX failed");
-
-            /* check for case when wolfSSL_CTX_free does not free method */
-            if (ctx == NULL) {
-                XFREE(method, NULL, DYNAMIC_TYPE_METHOD);
-            }
-
             wolfSSL_CTX_free(ctx);
             ctx = NULL;
         }