From f943f6ff5c87895af2558157378ecc49f9f2ffc1 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Thu, 13 Feb 2025 08:20:37 -0800
Subject: [PATCH] Fixed possible memory leaks reported by nielsdos in PR 8415 and 8414.
---
 src/crl.c | 4 ++++
 wolfcrypt/src/evp.c | 6 +++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/crl.c b/src/crl.c
index 1fdbfa93b..6411aeada 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -1776,6 +1776,10 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
 ret = ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl, VERIFY);
 if (ret != WOLFSSL_SUCCESS) {
 WOLFSSL_MSG("CRL file load failed");
+ wc_ReadDirClose(readCtx);
+ #ifdef WOLFSSL_SMALL_STACK
+ XFREE(readCtx, crl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+ #endif
 return ret;
 }
 }
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index 5e3f936ea..6c53a52d5 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -4035,9 +4035,13 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
 pkey->ecc);
 if (ecdsaSig == NULL)
 return WOLFSSL_FAILURE;
+ /* get signature length only */
 ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, NULL);
- if (ret <= 0 || ret > (int)*siglen)
+ if (ret <= 0 || ret > (int)*siglen) {
+ wolfSSL_ECDSA_SIG_free(ecdsaSig);
 return WOLFSSL_FAILURE;
+ }
+ /* perform validation of signature */
 ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sigret);
 wolfSSL_ECDSA_SIG_free(ecdsaSig);
 if (ret <= 0 || ret > (int)*siglen)
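Review bot: The failure branch ending in `return ret;` in LoadCRL now carries its own inline copy of the `wc_ReadDirClose(readCtx)` and `XFREE(readCtx, crl->heap, DYNAMIC_TYPE_TMP_BUFFER)` teardown. The normal exit presumably does the same teardown outside this hunk, so the two copies can drift apart and reintroduce the leak. A single release point would be sturdier: keep the failing `ret` and leave the loop toward the existing cleanup, provided the code after the loop tolerates a non-success `ret`, or jump to a shared cleanup label. If the inline form stays, a comment such as `/* early exit: release the directory context here, the normal cleanup below is skipped */` would mark the duplication as deliberate. LoadCRL's body starts and ends outside the hunk.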
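Review bot: The added comment `/* perform validation of signature */` above the second `wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sigret)` call is misleading. Given that the first call with `NULL` is documented as length-only, this call appears to write the encoded signature into the caller's buffer rather than verify anything. In a signing routine the word "validation" can lead a reader to assume a sign-then-verify check exists here. I would reword it to `/* encode signature into sigret; its length was checked against *siglen above */`. wolfSSL_EVP_SignFinal starts and continues outside the hunk.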