Merge pull request #10629 from yosuke-wolfssl/fix/f_4637

Fix the error handling on wc_PKCS7_DecodeAuthEnvelopedData
This commit is contained in:
Daniel Pouzzner
2026-06-08 15:20:36 -05:00
committed by GitHub
+6 -2
View File
@@ -15319,8 +15319,12 @@ authenv_atrbend:
encryptedContent, encryptedContentSz, encryptedContent,
pkcs7->devId, pkcs7->heap);
if (ret != 0) {
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return ret;
/* Fall through to the shared error handler below, which
* ForceZeros and frees encryptedContent, nulls
* stream->bufferPt/key, and resets the stream. Returning
* here would leave a dangling stream->bufferPt and risk a
* use-after-free / double-free on streaming re-entry. */
break;
}
if (encodedAttribs != NULL) {