From 6b0e28f84029c62fdc180358c02bb743349e0fac Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn <eric@wolfssl.com>
Date: Fri, 27 Oct 2023 07:58:50 -0500
Subject: [PATCH] Fix mem leak in TLSX_CA_Names_Parse

---
 src/tls.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/tls.c b/src/tls.c
index 2cb5d45e0..6361d8b55 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -6677,13 +6677,17 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input,
         DecodedCert cert[1];
 #endif
 
-        if (length < OPAQUE16_LEN)
-            return BUFFER_ERROR;
-        ato16(input, &extLen);
-        idx += OPAQUE16_LEN;
-
-        if (idx + extLen > length)
+        if (length < OPAQUE16_LEN) {
             ret = BUFFER_ERROR;
+        }
+
+        if (ret == 0) {
+            ato16(input, &extLen);
+            idx += OPAQUE16_LEN;
+
+            if (idx + extLen > length)
+                ret = BUFFER_ERROR;
+        }
 
         if (ret == 0) {
             InitDecodedCert(cert, input + idx, extLen, ssl->heap);