From 1a55309207cb2edd012062379c82da45ba6bbe9d Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Thu, 5 Jan 2017 10:00:17 -0700
Subject: [PATCH] fix possible memory leak on error case with ASN1 INTEGER to
 BN function

---
 src/ssl.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index ff297b4f7..4d12a13bd 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -16570,8 +16570,17 @@ WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai,
         return NULL;
     }
 
-    if (SetIndividualExternal(&bn, &mpi) != SSL_SUCCESS) {
-        return NULL;
+    /* SetIndividualExternal mallocs bn in the case that bn is NULL */
+    if (bn == NULL) {
+        if (SetIndividualExternal(&bn, &mpi) != SSL_SUCCESS) {
+            wolfSSL_BN_free(bn);
+            return NULL;
+        }
+    }
+    else {
+        if (SetIndividualExternal(&bn, &mpi) != SSL_SUCCESS) {
+            return NULL;
+        }
     }
 
     return bn;