zero-initialize DecodedCert immediately after allocation in

wolfSSL_CertManagerLoadCABufferType to prevent cleanup from running on an
uninitialized struct on the PEM error path.
Reda Chouk
2026-05-08 14:46:44 +02:00
parent 01ba609f0d
commit 54bb2c2caf
+1 -1
@@ -633,6 +633,7 @@ int wolfSSL_CertManagerLoadCABufferType(WOLFSSL_CERT_MANAGER* cm,
if (dCert == NULL) {
ret = WOLFSSL_FATAL_ERROR;
} else {
XMEMSET(dCert, 0, sizeof(DecodedCert));
if (format == WOLFSSL_FILETYPE_PEM) {
#ifndef WOLFSSL_PEM_TO_DER
ret = NOT_COMPILED_IN;
@@ -651,7 +652,6 @@ int wolfSSL_CertManagerLoadCABufferType(WOLFSSL_CERT_MANAGER* cm,
}
if (ret == WOLFSSL_SUCCESS) {
XMEMSET(dCert, 0, sizeof(DecodedCert));
wc_InitDecodedCert(dCert, buff,
(word32)sz, cm->heap);
ret = wc_ParseCert(dCert, CERT_TYPE, NO_VERIFY, NULL);