From 060ff5e5ef5a2d4ecde828205db3382fdf3f8a34 Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Mon, 19 Dec 2016 11:53:14 -0700
Subject: [PATCH] address fortify critical issues
---
 src/internal.c | 4 +++-
 wolfcrypt/src/asn.c | 8 ++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/internal.c b/src/internal.c
index a62c1e634..9b69cc049 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -10527,7 +10527,9 @@ int SendCertificate(WOLFSSL* ssl)
 sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, handshake, 1, 0);
- XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+
+ if (inputSz > 0)
+ XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
 if (sendSz < 0) return sendSz;
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 28e3cb02a..f780e7971 100755
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -1907,6 +1907,14 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
 return ASN_PARSE_E;
 }
+ if (length > MAX_IV_SIZE) {
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+ return ASN_PARSE_E;
+ }
+
 XMEMCPY(cbcIv, &input[inOutIdx], length);
 inOutIdx += length;
 }
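Review bot: The new guard in SendCertificate keys the free on `inputSz > 0` rather than on the pointer, so it is only correct if the allocation above the hunk (not visible here) happens exactly when `inputSz > 0`. A one-line comment such as `/* input is allocated only when inputSz > 0 */` would record that invariant. If `input` is initialised to NULL at its declaration, testing the pointer directly is harder to get out of sync with the allocation path: `if (input != NULL) { XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); }`. Either way the body should be braced, since XFREE looks like a macro and an unbraced `if` over a macro invocation is fragile if it expands to more than one statement. SendCertificate starts and ends outside the hunk.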
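Review bot: The added check `length > MAX_IV_SIZE` in ToTraditionalEnc has no lower bound, so if `length` is a signed int (its declaration is outside the hunk) a negative value passes and becomes a very large size in `XMEMCPY(cbcIv, &input[inOutIdx], length)`. Unless the parse just above already rejects negatives, the condition should read `if (length < 0 || length > MAX_IV_SIZE) {`. The check also only protects the destination and assumes cbcIv holds at least MAX_IV_SIZE bytes. The visible lines do not show that `inOutIdx + length` stays within `sz`, so confirm the length parser enforces that or add it to the same condition. ToTraditionalEnc starts and ends outside the hunk.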