diff --git a/src/ssl.c b/src/ssl.c index b61a376bf9..85c8854973 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15486,7 +15486,7 @@ int wolfSSL_BUF_MEM_resize(WOLFSSL_BUF_MEM* buf, size_t len) /* verify provided arguments. The return value is an int, so reject any * len that cannot be represented as a positive int. */ - if (buf == NULL || len == 0 || len > (size_t)INT_MAX) { + if (buf == NULL || len == 0 || len > (size_t)WOLFSSL_MAX_32BIT) { return 0; /* BAD_FUNC_ARG; */ } diff --git a/src/wolfio.c b/src/wolfio.c index 30d2022de4..ab85ecdef8 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -1758,7 +1758,7 @@ int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName, char* outPath, /* Reject out-of-range ports rather than silently truncating to * word16, which would otherwise wrap (e.g. 65536 -> 0) and * connect to an unintended port. */ - if (bigPort > 65535) + if (bigPort > WOLFSSL_MAX_16BIT) return WOLFSSL_FATAL_ERROR; if (outPort) *outPort = (word16)bigPort; diff --git a/wolfcrypt/src/chacha20_poly1305.c b/wolfcrypt/src/chacha20_poly1305.c index 2a8228adf4..7c4218ac57 100644 --- a/wolfcrypt/src/chacha20_poly1305.c +++ b/wolfcrypt/src/chacha20_poly1305.c @@ -126,7 +126,10 @@ int wc_ChaCha20Poly1305_Decrypt( /* zero plaintext on error */ ForceZero(outPlaintext, inCiphertextLen); } - ForceZero(aead, sizeof(ChaChaPoly_Aead)); + #ifdef WOLFSSL_SMALL_STACK + if (aead != NULL) + #endif + ForceZero(aead, sizeof(ChaChaPoly_Aead)); WC_FREE_VAR_EX(aead, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret;