From 4d43dbf83baadb3630be88a70fc9a8fb3f6b526f Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Wed, 26 Jun 2024 14:15:42 -0500
Subject: [PATCH] src/ssl_sess.c: in EvictSessionFromCache(), free
 session->ticketNonce.data if it was dynamically allocated.  fixes memory leak
 via wolfSSL_Cleanup().

---
 src/ssl_sess.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/ssl_sess.c b/src/ssl_sess.c
index 0a5da2f9b..43ce1f54a 100644
--- a/src/ssl_sess.c
+++ b/src/ssl_sess.c
@@ -215,6 +215,17 @@
 #ifdef HAVE_EX_DATA
         session->ownExData = save_ownExData;
 #endif
+
+#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) &&                  \
+    defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                                    \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+        if ((session->ticketNonce.data != NULL) &&
+            (session->ticketNonce.data != session->ticketNonce.dataStatic))
+        {
+            XFREE(session->ticketNonce.data, NULL, DYNAMIC_TYPE_SESSION_TICK);
+            session->ticketNonce.data = NULL;
+        }
+#endif
     }
 
 WOLFSSL_ABI