From 9d5e633a96e94e3e6526546e8cb708bd4b15bf34 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Thu, 4 Aug 2022 11:16:47 -0500
Subject: [PATCH] wolfcrypt/src/pkcs12.c: add WOLFSSL_SMALL_STACK path in
 freeDecCertList().

---
 wolfcrypt/src/pkcs12.c | 34 +++++++++++++++++++++++++---------
 1 file changed, 25 insertions(+), 9 deletions(-)

diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c
index ac9e1030d..98d306fad 100644
--- a/wolfcrypt/src/pkcs12.c
+++ b/wolfcrypt/src/pkcs12.c
@@ -1012,18 +1012,25 @@ void wc_FreeCertList(WC_DerCertList* list, void* heap)
     (void)heap;
 }
 
-static void freeDecCertList(WC_DerCertList** list, byte** pkey, word32* pkeySz,
-    byte** cert, word32* certSz, void* heap)
+static WARN_UNUSED_RESULT int freeDecCertList(WC_DerCertList** list,
+    byte** pkey, word32* pkeySz, byte** cert, word32* certSz, void* heap)
 {
     WC_DerCertList* current  = *list;
     WC_DerCertList* previous = NULL;
-    DecodedCert DeCert;
+#ifdef WOLFSSL_SMALL_STACK
+    DecodedCert *DeCert = (DecodedCert *)XMALLOC(
+        sizeof(*DeCert), heap, DYNAMIC_TYPE_PKCS);
+    if (DeCert == NULL)
+        return MEMORY_E;
+#else
+    DecodedCert DeCert[1];
+#endif
 
     while (current != NULL) {
 
-        InitDecodedCert(&DeCert, current->buffer, current->bufferSz, heap);
-        if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) == 0) {
-            if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, &DeCert) == 1) {
+        InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap);
+        if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL) == 0) {
+            if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert) == 1) {
                 WOLFSSL_MSG("Key Pair found");
                 *cert = current->buffer;
                 *certSz = current->bufferSz;
@@ -1034,16 +1041,22 @@ static void freeDecCertList(WC_DerCertList** list, byte** pkey, word32* pkeySz,
                 else {
                     previous->next = current->next;
                 }
-                FreeDecodedCert(&DeCert);
+                FreeDecodedCert(DeCert);
                 XFREE(current, heap, DYNAMIC_TYPE_PKCS);
                 break;
             }
         }
-        FreeDecodedCert(&DeCert);
+        FreeDecodedCert(DeCert);
 
         previous = current;
         current  = current->next;
     }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(DeCert, heap, DYNAMIC_TYPE_PKCS);
+#endif
+
+    return 0;
 }
 
 
@@ -1446,7 +1459,10 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
 
     /* check if key pair, remove from list */
     if (*pkey != NULL) {
-        freeDecCertList(&certList, pkey, pkeySz, cert, certSz, pkcs12->heap);
+        ret = freeDecCertList(&certList, pkey, pkeySz, cert, certSz,
+                              pkcs12->heap);
+        if (ret < 0)
+            goto exit_pk12par;
     }
 
     /* if ca arg provided return certList, otherwise free it */