Merge pull request #2602 from SparkiDev/certs_exts_free

ProcessPeerCerts jump to error handling instead of returning

src/internal.c

@@ -10047,12 +10047,14 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                 if (ssl->options.tls1_3) {
                     word16 extSz;
 
-                    if ((args->idx - args->begin) + OPAQUE16_LEN > totalSz)
+                    if ((args->idx - args->begin) + OPAQUE16_LEN > totalSz) {
-                        return BUFFER_ERROR;
+                        ERROR_OUT(BUFFER_ERROR, exit_ppc);
+                    }
                     ato16(input + args->idx, &extSz);
                     args->idx += OPAQUE16_LEN;
-                    if ((args->idx - args->begin) + extSz > totalSz)
+                    if ((args->idx - args->begin) + extSz > totalSz) {
-                        return BUFFER_ERROR;
+                        ERROR_OUT(BUFFER_ERROR, exit_ppc);
+                    }
                     /* Store extension data info for later processing. */
                     args->exts[args->totalCerts].length = extSz;
                     args->exts[args->totalCerts].buffer = input + args->idx;
@@ -10060,8 +10062,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     listSz -= extSz + OPAQUE16_LEN;
                     ret = TLSX_Parse(ssl, args->exts[args->totalCerts].buffer,
                         args->exts[args->totalCerts].length, certificate, NULL);
-                    if (ret < 0)
+                    if (ret < 0) {
-                        return ret;
+                        ERROR_OUT(ret, exit_ppc);
+                    }
                 }
             #endif