diff --git a/examples/pem/pem.c b/examples/pem/pem.c
index be0f3962c..e183dc908 100644
--- a/examples/pem/pem.c
+++ b/examples/pem/pem.c
@@ -628,6 +628,7 @@ static int ConvDerToPem(unsigned char* in, word32 offset, word32 len,
 type);
 if (ret <= 0) {
 fprintf(stderr, "Could not convert DER to PEM\n");
+ free(pem);
 }
 if (ret > 0) {
 *out = pem;
diff --git a/src/crl.c b/src/crl.c
index a28100e8f..51aa49e02 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -844,8 +844,10 @@ int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newc
 return BAD_MUTEX_E;
 }
 if (DupX509_CRL(crl, newcrl) != 0) {
- if (crl != NULL)
+ if (crl != NULL) {
+ wc_UnLockRwLock(&newcrl->crlLock);
 FreeCRL(crl, 1);
+ }
 return WOLFSSL_FAILURE;
 }
 wc_UnLockRwLock(&newcrl->crlLock);
diff --git a/src/ssl.c b/src/ssl.c
index 04bb5a6fc..bd7f167ea 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -7942,9 +7942,10 @@ int wolfSSL_LoadCRLBuffer(WOLFSSL* ssl, const unsigned char* buff,
 int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options)
 {
 WOLFSSL_ENTER("wolfSSL_EnableOCSP");
- SSL_CM_WARNING(ssl);
- if (ssl)
+ if (ssl) {
+ SSL_CM_WARNING(ssl);
 return wolfSSL_CertManagerEnableOCSP(SSL_CM(ssl), options);
+ }
 else
 return BAD_FUNC_ARG;
 }
@@ -7952,9 +7953,10 @@ int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options)
 int wolfSSL_DisableOCSP(WOLFSSL* ssl)
 {
 WOLFSSL_ENTER("wolfSSL_DisableOCSP");
- SSL_CM_WARNING(ssl);
- if (ssl)
+ if (ssl) {
+ SSL_CM_WARNING(ssl);
 return wolfSSL_CertManagerDisableOCSP(SSL_CM(ssl));
+ }
 else
 return BAD_FUNC_ARG;
 }
@@ -7963,9 +7965,10 @@ int wolfSSL_DisableOCSP(WOLFSSL* ssl)
 int wolfSSL_EnableOCSPStapling(WOLFSSL* ssl)
 {
 WOLFSSL_ENTER("wolfSSL_EnableOCSPStapling");
- SSL_CM_WARNING(ssl);
- if (ssl)
+ if (ssl) {
+ SSL_CM_WARNING(ssl);
 return wolfSSL_CertManagerEnableOCSPStapling(SSL_CM(ssl));
+ }
 else
 return BAD_FUNC_ARG;
 }
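Review bot: After the added `free(pem);` in the `ret <= 0` branch of ConvDerToPem (examples/pem/pem.c), `pem` still holds the freed address, and the function continues past the end of the hunk. Adding `pem = NULL;` right after the free would keep any later cleanup or use from touching freed memory; whether such code exists cannot be seen from here. The two tests `if (ret <= 0)` and `if (ret > 0)` are complementary and would read more clearly as a single `if`/`else`.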
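Review bot: The added `wc_UnLockRwLock(&newcrl->crlLock);` in wolfSSL_X509_STORE_add_crl (src/crl.c) sits inside `if (crl != NULL)`, so releasing the lock on `newcrl` depends on an unrelated pointer. If `crl` could be NULL when DupX509_CRL fails, this path returns WOLFSSL_FAILURE with the lock still held. Make the unlock unconditional: put `wc_UnLockRwLock(&newcrl->crlLock);` first in the failure branch, followed by `if (crl != NULL) { FreeCRL(crl, 1); }`. The lock acquisition and the allocation of `crl` are above the hunk, so whether `crl` can actually be NULL here should be checked there.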
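Review bot: In wolfSSL_EnableOCSP (src/ssl.c) the new `if (ssl) { ... }` arm is braced but the `else` after it is not, with `return BAD_FUNC_ARG;` on the following line. The same shape recurs in the later ssl.c hunks of this commit (DisableOCSP, EnableOCSPStapling, DisableOCSPStapling, SetOCSP_OverrideURL, EnableCRL, DisableCRL, LoadCRL, LoadCRLFile, SetCRL_Cb). Either brace both arms or use a guard, `if (ssl == NULL) { return BAD_FUNC_ARG; }`, followed by `SSL_CM_WARNING(ssl);` and the CertManager call, which keeps the warning after the check without nesting. A one-line comment such as `/* SSL_CM_WARNING reads ssl, so it must follow the NULL check */` would record why the order matters. The macro's definition is not visible here, so that wording should be confirmed against it.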
@@ -7973,9 +7976,10 @@ int wolfSSL_EnableOCSPStapling(WOLFSSL* ssl)
 int wolfSSL_DisableOCSPStapling(WOLFSSL* ssl)
 {
 WOLFSSL_ENTER("wolfSSL_DisableOCSPStapling");
- SSL_CM_WARNING(ssl);
- if (ssl)
+ if (ssl) {
+ SSL_CM_WARNING(ssl);
 return wolfSSL_CertManagerDisableOCSPStapling(SSL_CM(ssl));
+ }
 else
 return BAD_FUNC_ARG;
 }
@@ -7983,9 +7987,10 @@ int wolfSSL_DisableOCSPStapling(WOLFSSL* ssl)
 int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url)
 {
 WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL");
- SSL_CM_WARNING(ssl);
- if (ssl)
+ if (ssl) {
+ SSL_CM_WARNING(ssl);
 return wolfSSL_CertManagerSetOCSPOverrideURL(SSL_CM(ssl), url);
+ }
 else
 return BAD_FUNC_ARG;
 }
@@ -7995,8 +8000,8 @@ int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl, CbOCSPIO ioCb,
 CbOCSPRespFree respFreeCb, void* ioCbCtx)
 {
 WOLFSSL_ENTER("wolfSSL_SetOCSP_Cb");
- SSL_CM_WARNING(ssl);
 if (ssl) {
+ SSL_CM_WARNING(ssl);
 ssl->ocspIOCtx = ioCbCtx; /* use SSL specific ioCbCtx */
 return wolfSSL_CertManagerSetOCSP_Cb(SSL_CM(ssl), ioCb, respFreeCb, NULL);
@@ -8587,9 +8592,10 @@ int wolfSSL_trust_peer_cert(WOLFSSL* ssl, const char* file, int type)
 int wolfSSL_EnableCRL(WOLFSSL* ssl, int options)
 {
 WOLFSSL_ENTER("wolfSSL_EnableCRL");
- SSL_CM_WARNING(ssl);
- if (ssl)
+ if (ssl) {
+ SSL_CM_WARNING(ssl);
 return wolfSSL_CertManagerEnableCRL(SSL_CM(ssl), options);
+ }
 else
 return BAD_FUNC_ARG;
 }
@@ -8598,9 +8604,10 @@ int wolfSSL_EnableCRL(WOLFSSL* ssl, int options)
 int wolfSSL_DisableCRL(WOLFSSL* ssl)
 {
 WOLFSSL_ENTER("wolfSSL_DisableCRL");
- SSL_CM_WARNING(ssl);
- if (ssl)
+ if (ssl) {
+ SSL_CM_WARNING(ssl);
 return wolfSSL_CertManagerDisableCRL(SSL_CM(ssl));
+ }
 else
 return BAD_FUNC_ARG;
 }
@@ -8609,9 +8616,10 @@ int wolfSSL_DisableCRL(WOLFSSL* ssl)
 int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor)
 {
 WOLFSSL_ENTER("wolfSSL_LoadCRL");
- SSL_CM_WARNING(ssl);
- if (ssl)
+ if (ssl) {
+ SSL_CM_WARNING(ssl);
 return wolfSSL_CertManagerLoadCRL(SSL_CM(ssl), path, type, monitor);
+ }
 else
 return BAD_FUNC_ARG;
 }
@@ -8619,9 +8627,10 @@ int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor)
 int wolfSSL_LoadCRLFile(WOLFSSL* ssl, const char* file, int type)
 {
 WOLFSSL_ENTER("wolfSSL_LoadCRLFile");
- SSL_CM_WARNING(ssl);
- if (ssl)
+ if (ssl) {
+ SSL_CM_WARNING(ssl);
 return wolfSSL_CertManagerLoadCRLFile(SSL_CM(ssl), file, type);
+ }
 else
 return BAD_FUNC_ARG;
 }
@@ -8631,9 +8640,10 @@ int wolfSSL_LoadCRLFile(WOLFSSL* ssl, const char* file, int type)
 int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb)
 {
 WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
- SSL_CM_WARNING(ssl);
- if (ssl)
+ if (ssl) {
+ SSL_CM_WARNING(ssl);
 return wolfSSL_CertManagerSetCRL_Cb(SSL_CM(ssl), cb);
+ }
 else
 return BAD_FUNC_ARG;
 }
diff --git a/src/ssl_certman.c b/src/ssl_certman.c
index 46011595f..b4bd0cc1c 100644
--- a/src/ssl_certman.c
+++ b/src/ssl_certman.c
@@ -1328,6 +1328,8 @@ int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm, const char* fname)
 WOLFSSL_MSG("Cert cache file write failed");
 ret = FWRITE_ERROR;
 }
+ }
+ if (mem != NULL) {
 XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
 }
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index ea440a391..e379f7e7c 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -13035,7 +13035,7 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
 j = 0; /* Append each number of dotted form. */
 for (i = 0; i < tmpSize; i++) {
- if (j > MAX_OID_SZ) {
+ if (j >= MAX_OID_SZ) {
 return BUFFER_E;
 }
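Review bot: The corrected bound `if (j >= MAX_OID_SZ)` in GenerateDNSEntryRIDString (wolfcrypt/src/asn.c) is tested only once at the top of each iteration, and the code that appends to the buffer lies below the hunk. If one iteration can append more than a single character, this check alone does not bound the write; the append itself has to be limited to the remaining space (`MAX_OID_SZ - j`), which should be confirmed in the loop body. A short comment on the check, e.g. `/* j is the next write offset; j == MAX_OID_SZ means no room is left */`, would record why `>=` is the right comparison, assuming the destination holds MAX_OID_SZ bytes.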