From 0ee4b88e749787d6d111c94eac14cc38f8477197 Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Fri, 27 Jul 2018 16:25:10 -0600
Subject: [PATCH] avoid overhead call to alloc and free when sigSz invalid

---
 src/ssl.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 3b094d083..4f03c0b88 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -16765,10 +16765,16 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
             }
 
             sigSz = (int)x509->sig.length;
-            sig = (unsigned char*)XMALLOC(sigSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-            if (sig == NULL || sigSz <= 0) {
+            if (sigSz <= 0) {
+                /* Don't both allocating memory, if sigSz invalid, abort! */
                 return WOLFSSL_FAILURE;
             }
+
+            sig = (unsigned char*)XMALLOC(sigSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            if (sig == NULL) {
+                return WOLFSSL_FAILURE;
+            }
+
             if (wolfSSL_X509_get_signature(x509, sig, &sigSz) <= 0) {
                 XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 return WOLFSSL_FAILURE;