From 0beeb2356b7f3e02dff47ba5f3aa8a46c59b3694 Mon Sep 17 00:00:00 2001
From: Aaron Jense <aaron@wolfssl.com>
Date: Wed, 13 Nov 2019 11:50:26 -0700
Subject: [PATCH 1/2] Fix scan-build not recognizing FlatAttrib array being
 initialized

---
 wolfcrypt/src/pkcs7.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 33f1001d8..9cecc4f5d 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -1390,6 +1390,19 @@ typedef struct FlatAttrib {
     word32 dataSz;
 } FlatAttrib;
 
+/* Returns a pointer to FlatAttrib whose members are initialized to 0.
+*  Caller is expected to free.
+*/
+static FlatAttrib* NewAttrib(void* heap)
+{
+    FlatAttrib* fb = (FlatAttrib*) XMALLOC(sizeof(FlatAttrib), heap,
+                                                   DYNAMIC_TYPE_TMP_BUFFER);
+    if (fb != NULL) {
+        ForceZero(fb, sizeof(FlatAttrib));
+    }
+    (void)heap;
+    return fb;
+}
 
 /* Free FlatAttrib array and memory allocated to internal struct members */
 static void FreeAttribArray(PKCS7* pkcs7, FlatAttrib** arr, int rows)
@@ -1513,11 +1526,10 @@ static int FlattenAttributes(PKCS7* pkcs7, byte* output, EncodedAttrib* ea,
     if (derArr == NULL) {
         return MEMORY_E;
     }
-    ForceZero(derArr, eaSz * sizeof(FlatAttrib*));
+    XMEMSET(derArr, 0, eaSz * sizeof(FlatAttrib*));
 
     for (i = 0; i < eaSz; i++) {
-        derArr[i] = (FlatAttrib*) XMALLOC(sizeof(FlatAttrib), pkcs7->heap,
-                                          DYNAMIC_TYPE_TMP_BUFFER);
+        derArr[i] = NewAttrib(pkcs7->heap);
         if (derArr[i] == NULL) {
             FreeAttribArray(pkcs7, derArr, eaSz);
             return MEMORY_E;

From dab7d09570ebcd1f370e555c84349f14c20a1b8d Mon Sep 17 00:00:00 2001
From: Aaron Jense <aaron@wolfssl.com>
Date: Wed, 13 Nov 2019 11:55:45 -0700
Subject: [PATCH 2/2] Fix the possibility that memory is not free'd when
 GetLength returns 0

---
 wolfcrypt/src/pkcs12.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c
index 9f641721c..fca9d6d58 100644
--- a/wolfcrypt/src/pkcs12.c
+++ b/wolfcrypt/src/pkcs12.c
@@ -1070,7 +1070,7 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
                 ERROR_OUT(ASN_PARSE_E, exit_pk12par);
             }
             if ((ret = GetLength(data, &idx, &size, ci->dataSz)) <= 0) {
-                goto exit_pk12par;
+                ERROR_OUT(ASN_PARSE_E, exit_pk12par);
             }
 
             if (GetASNTag(data, &idx, &tag, ci->dataSz) < 0) {