From 01833a369e719921b89e0e227cbe48e3396a058a Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Wed, 30 Nov 2022 10:02:33 -0800
Subject: [PATCH] free signer if malloc cases fail

---
 src/ssl.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/ssl.c b/src/ssl.c
index abb700056..49f5df7c7 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5383,7 +5383,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
         else {
             WOLFSSL_MSG("\tCA Mutex Lock failed");
             ret = BAD_MUTEX_E;
-            FreeSigner(signer, cm->heap);
         }
     }
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)
@@ -5411,6 +5410,8 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 
     WOLFSSL_MSG("\tFreeing Parsed CA");
     FreeDecodedCert(cert);
+    if (ret != 0 && signer != NULL)
+        FreeSigner(signer, cm->heap);
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
 #endif