From f00c5eb95d0a96ba30dd9343adf274e3c6019657 Mon Sep 17 00:00:00 2001
From: Andras Fekete <andras@wolfssl.com>
Date: Tue, 14 Nov 2023 11:10:17 -0500
Subject: [PATCH 1/6] Fix double free

Warning 546055.3229451
---
 wolfcrypt/src/asn.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index f339173ef..8d8b624a6 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -37601,8 +37601,10 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers)
                 mimeType == MIME_PARAM)) && pos >= 1) {
                 mimeStatus = MIME_BODYVAL;
                 end = pos-1;
-                if (nameAttr != NULL)
+                if (nameAttr != NULL) {
                     XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7);
+                    nameAttr = NULL;
+                }
                 ret = wc_MIME_header_strip(curLine, &nameAttr, start, end);
                 if (ret) {
                     goto error;

From c404df78b1580940be07ee8f5d95ebb6c43afe04 Mon Sep 17 00:00:00 2001
From: Andras Fekete <andras@wolfssl.com>
Date: Wed, 15 Nov 2023 15:31:44 -0500
Subject: [PATCH 2/6] Uninitialized variable

Warning 581196.3236230
---
 src/tls.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/tls.c b/src/tls.c
index 48d76dfa2..c1394e21c 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -186,6 +186,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
         return MEMORY_E;
 #endif
 
+    XMEMSET(handshake_hash, 0, sizeof(handshake_hash));
     ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
     if (ret == 0) {
         if (XSTRNCMP((const char*)sender, (const char*)kTlsClientStr,

From f5c3fcfec4d6a85eaf03f68ecf239c950f519b8c Mon Sep 17 00:00:00 2001
From: Andras Fekete <andras@wolfssl.com>
Date: Wed, 15 Nov 2023 16:35:54 -0500
Subject: [PATCH 3/6] Uninitialized variable

Warning 581107.3236416
---
 wolfcrypt/benchmark/benchmark.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 352530d43..6dea81dbd 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -10350,6 +10350,9 @@ exit_enc:
 
     RESET_MULTI_VALUE_STATS_VARS();
 
+    if (ret != 0)
+        goto exit;
+
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < ntimes; i++) {

From b206e074fce0e45efae2eccd42b90c053e311c80 Mon Sep 17 00:00:00 2001
From: Andras Fekete <andras@wolfssl.com>
Date: Wed, 15 Nov 2023 16:40:51 -0500
Subject: [PATCH 4/6] Uninitialized Variable

Warning 545067.3236517
---
 wolfcrypt/src/pkcs7.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 507d9eeeb..5ba058603 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -12576,7 +12576,14 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
             return MEMORY_E;
         }
 
-        FlattenAttributes(pkcs7, flatAttribs, attribs, attribsCount);
+        ret = FlattenAttributes(pkcs7, flatAttribs, attribs, attribsCount);
+        if (ret != 0) {
+            XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            return ret;
+        }
         attribsSetSz = SetImplicit(ASN_SET, 1, attribsSz, attribSet);
 
     } else {

From d164a6c543213bed51e2d32ed19fa92a084e20d7 Mon Sep 17 00:00:00 2001
From: Andras Fekete <andras@wolfssl.com>
Date: Wed, 3 Jan 2024 10:00:31 -0500
Subject: [PATCH 5/6] Buffer Overrun

Warning 545843.5806721
---
 src/x509.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/x509.c b/src/x509.c
index a1c4fc4db..73369f3d3 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -11173,7 +11173,7 @@ err:
         pemSz = (int)(l - i);
 
         /* check calculated length */
-        if (pemSz > MAX_WOLFSSL_FILE_SIZE || pemSz < 0) {
+        if (pemSz > MAX_WOLFSSL_FILE_SIZE || pemSz <= 0) {
             WOLFSSL_MSG("PEM_read_X509_ex file size error");
             return NULL;
         }

From e5d8ce9983944ef5c06164b98ecc754de62fd1e7 Mon Sep 17 00:00:00 2001
From: Andras Fekete <andras@wolfssl.com>
Date: Wed, 3 Jan 2024 10:29:56 -0500
Subject: [PATCH 6/6] Fix memset size

---
 src/tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tls.c b/src/tls.c
index c1394e21c..a2f0e8782 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -186,7 +186,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
         return MEMORY_E;
 #endif
 
-    XMEMSET(handshake_hash, 0, sizeof(handshake_hash));
+    XMEMSET(handshake_hash, 0, HSHASH_SZ);
     ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz);
     if (ret == 0) {
         if (XSTRNCMP((const char*)sender, (const char*)kTlsClientStr,