From 4751af9b89f77e50b9438b9645fbab83f4a6f236 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Mon, 18 Mar 2024 22:55:51 +0700
Subject: [PATCH 1/2] scan-build fixes for pkcs7

---
 wolfcrypt/src/pkcs7.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 2bf10cd94..ed3745ee1 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -2596,6 +2596,10 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
             {
                 int szLeft = BER_OCTET_LENGTH;
 
+                if (in == NULL) {
+                    return BAD_FUNC_ARG;
+                }
+
                 if (szLeft + totalSz > (word32)inSz)
                     szLeft = inSz - totalSz;
 
@@ -2669,6 +2673,10 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
         XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7);
     }
     else {
+        if (in == NULL || out == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
         switch (cipherType) {
             case WC_CIPHER_NONE:
                 if (!pkcs7->detached) {
@@ -8168,12 +8176,15 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
                         WOLFSSL_MSG("Not AES-GCM stream support compiled in");
                         ret = NOT_COMPILED_IN;
                     }
-                    ret = wc_AesGcmEncrypt(aes, out, in, inSz, iv, ivSz,
+                    else {
+                        ret = wc_AesGcmEncrypt(aes, out, in, inSz, iv, ivSz,
                                            authTag, authTagSz, aad, aadSz);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    /* async encrypt not available here, so block till done */
-                    ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE);
-                #endif
+                    #ifdef WOLFSSL_ASYNC_CRYPT
+                        /* async encrypt not available here, so block till done */
+                        ret = wc_AsyncWait(ret, &aes->asyncDev,
+                            WC_ASYNC_FLAG_NONE);
+                    #endif
+                    }
                 #else
                     ret = wc_AesGcmEncryptInit(aes, key, keySz, iv, ivSz);
                     if (ret == 0) {

From d51bef3d430461e7b90d6ae3aa26ed26b3264ecf Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Tue, 19 Mar 2024 00:58:32 +0700
Subject: [PATCH 2/2] fix for memory leak on error

---
 wolfcrypt/src/pkcs7.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index ed3745ee1..997fd4f06 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -2597,6 +2597,8 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes,
                 int szLeft = BER_OCTET_LENGTH;
 
                 if (in == NULL) {
+                    XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
+                    XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7);
                     return BAD_FUNC_ARG;
                 }