Merge pull request #2329 from JacobBarthelmeh/SanityChecks

scan-build fixes
2025-07-31 19:24:42 +02:00 · 2019-07-10 10:23:39 -07:00
parent 9cd6a992c5 efe276414b
commit 92bd585f25
2 changed files with 23 additions and 6 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -3113,8 +3113,10 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
 void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap)
 {
    if (name != NULL) {
-        if (name->dynamicName)
+        if (name->dynamicName) {
            XFREE(name->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
+            name->name = NULL;
+        }
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
        {
            int i;
@@ -3161,22 +3163,31 @@ void FreeX509(WOLFSSL_X509* x509)

    FreeX509Name(&x509->issuer, x509->heap);
    FreeX509Name(&x509->subject, x509->heap);
-    if (x509->pubKey.buffer)
+    if (x509->pubKey.buffer) {
        XFREE(x509->pubKey.buffer, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+        x509->pubKey.buffer = NULL;
+    }
    FreeDer(&x509->derCert);
    XFREE(x509->sig.buffer, x509->heap, DYNAMIC_TYPE_SIGNATURE);
+    x509->sig.buffer = NULL;
    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
        XFREE(x509->authKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
+        x509->authKeyId = NULL;
        XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
+        x509->subjKeyId = NULL;
        if (x509->authInfo != NULL) {
            XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
+            x509->authInfo = NULL;
        }
        if (x509->extKeyUsageSrc != NULL) {
            XFREE(x509->extKeyUsageSrc, x509->heap, DYNAMIC_TYPE_X509_EXT);
+            x509->extKeyUsageSrc= NULL;
        }
    #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
-    if (x509->altNames)
+    if (x509->altNames) {
        FreeAltNames(x509->altNames, x509->heap);
+        x509->altNames = NULL;
+    }
 }


@@ -9023,6 +9034,9 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
            if (CopyDecodedToX509(x509, args->dCert) == 0) {
                store->current_cert = x509;
            }
+            else {
+                FreeX509(x509);
+            }
        }
    #endif
    #ifdef SESSION_CERTS
@@ -9531,6 +9545,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
            if (args->dCert == NULL) {
                ERROR_OUT(MEMORY_E, exit_ppc);
            }
+            XMEMSET(args->dCert, 0, sizeof(DecodedCert));
        #endif

            /* Advance state and proceed */
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -11120,12 +11120,14 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
            }

            /* decrypt encryptedContent */
-            ret = wc_PKCS7_DecryptContent(encOID, pkcs7->encryptionKey,
+            if (ret == 0) {
+                ret = wc_PKCS7_DecryptContent(encOID, pkcs7->encryptionKey,
                                  pkcs7->encryptionKeySz, tmpIv, expBlockSz,
                                  NULL, 0, NULL, 0, encryptedContent,
                                  encryptedContentSz, encryptedContent);
-            if (ret != 0) {
-                XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                if (ret != 0) {
+                    XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                }
            }

            if (ret == 0) {