From 0d13b385ab71f6f60c89a25f3794b9cd16063108 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Thu, 15 Aug 2019 17:01:30 -0700
Subject: [PATCH] Fixes for possible cases where DerBuffer is not free'd in
 `AddCA` error cases.

---
 src/ssl.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 119308ec7..bada6824a 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -4258,14 +4258,18 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 
     WOLFSSL_MSG("Adding a CA");
 
-    if (cm == NULL)
+    if (cm == NULL) {
+        FreeDer(pDer);
         return BAD_FUNC_ARG;
+    }
 
 #ifdef WOLFSSL_SMALL_STACK
     cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                  DYNAMIC_TYPE_DCERT);
-    if (cert == NULL)
+    if (cert == NULL) {
+        FreeDer(pDer);
         return MEMORY_E;
+    }
 #endif
 
     InitDecodedCert(cert, der->buffer, der->length, cm->heap);