From 5dbc6db295ba271400267625feb078fb95c00aa5 Mon Sep 17 00:00:00 2001 From: David Kubasek Date: Wed, 3 Mar 2021 10:25:54 +0100 Subject: [PATCH 1/9] Fixed CID 576149 --- src/ssl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 14a160dc2..d7d99c484 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -49965,6 +49965,9 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len, return NULL; } } else { + /* This may be overly defensive */ + if (weOwn) + wolfSSL_BN_free(ret); return NULL; } From 38cfe7173243d2ad0cd558f94a28ffdf947c910c Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Wed, 3 Mar 2021 15:41:28 +0100 Subject: [PATCH 2/9] Fixed CID 576552. --- src/crl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/crl.c b/src/crl.c index 1663b347a..750ac65fc 100644 --- a/src/crl.c +++ b/src/crl.c @@ -633,6 +633,7 @@ static CRL_Entry* DupCRL_list(CRL_Entry* crl, void* heap) current = head; head = head->next; FreeCRL_Entry(current, heap); + XFREE(current, heap, DYNAMIC_TYPE_CRL_ENTRY); } return NULL; From ef34e613e8e23f96957d5709a69efe6867b4245b Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Wed, 3 Mar 2021 15:46:37 +0100 Subject: [PATCH 3/9] Fixed CID 582947. --- src/ocsp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ocsp.c b/src/ocsp.c index 4862cf939..53f44bbbf 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -799,8 +799,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, DYNAMIC_TYPE_OCSP_STATUS); if (resp->single->status == NULL) { XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST); XFREE(resp->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY); + XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST); return NULL; } XMEMSET(resp->single->status, 0, sizeof(CertStatus)); From 26578be1a792a600091d936139252767d2c25e8a Mon Sep 17 00:00:00 2001 
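Review bot: In PATCH 1/9 (wolfSSL_BN_bin2bn, src/ssl.c) the added comment `/* This may be overly defensive */` does not say why `ret` is freed only when `weOwn` is set, and the new `if` is unbraced directly above `return NULL;`. Judging by its name, `weOwn` separates a BIGNUM allocated inside this function from one supplied by the caller, so a comment such as `/* ret was allocated here, so release it; a caller-supplied BIGNUM stays with the caller */` would record the ownership rule that makes this free safe. I would also brace the statement: `if (weOwn) { wolfSSL_BN_free(ret); }`. The function body starts and ends outside the hunk, so where `weOwn` is set is not visible here.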
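Review bot: In PATCH 2/9 (DupCRL_list, src/crl.c) the added `XFREE(current, heap, DYNAMIC_TYPE_CRL_ENTRY);` is correct only if `FreeCRL_Entry(current, heap)` releases the entry's members and not the entry itself; if it also frees the node, this line is a double free on the error path. FreeCRL_Entry is not visible in the hunk, so this should be confirmed and recorded next to the call, e.g. `/* FreeCRL_Entry frees the members only; the node itself is freed here */`. The allocation tag should also match the one used where the duplicated entries are allocated, which is outside the hunk.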
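Review bot: In PATCH 3/9 (wolfSSL_d2i_OCSP_RESPONSE, src/ocsp.c) the reordered cleanup depends on an ordering rule that nothing in the code states: `resp->source` and `resp->single` are read through `resp`, so `resp` has to be freed last. A comment above the three frees, `/* free members first; resp->single is read through resp */`, would keep a later edit from reintroducing the read of freed memory. If the earlier failure paths of this function repeat the same free sequence (they are outside the hunk), a single cleanup label would remove the duplication that let the order drift.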
From: Radim Smat Date: Wed, 3 Mar 2021 15:51:22 +0100 Subject: [PATCH 4/9] Fixed CID 583215. --- src/ocsp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ocsp.c b/src/ocsp.c index 53f44bbbf..1b7395895 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -621,6 +621,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( if (certStatus) XFREE(certStatus, NULL, DYNAMIC_TYPE_OPENSSL); + wolfSSL_CertManagerFree(cm); return NULL; } From 0bdb2bf40c07cbac8be2a9e20991bfca5f0d0108 Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Wed, 3 Mar 2021 15:55:02 +0100 Subject: [PATCH 5/9] Fixed CID 583972. --- src/ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ssl.c b/src/ssl.c index d7d99c484..df1310cf5 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -23674,6 +23674,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("wolfSSL_BIO_set_fp error"); + wolfSSL_BIO_free(bio); return WOLFSSL_FAILURE; } From 27c5714f117e422445161a792308ce48c7a0a805 Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Wed, 3 Mar 2021 15:58:55 +0100 Subject: [PATCH 6/9] Fixed CID 586826. --- src/ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ssl.c b/src/ssl.c index df1310cf5..ba2886615 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -44536,6 +44536,7 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) const byte* bioMemPt = bioMem; /* leave bioMem pointer unaltered */ if ((key = wolfSSL_d2i_RSAPrivateKey(NULL, &bioMemPt, bioMemSz)) == NULL) { XFREE((unsigned char*)bioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE((unsigned char*)maxKeyBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); return NULL; } From d5c3d9ca4fc4ac404197a72ce08518b1b7c78835 Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Wed, 3 Mar 2021 16:03:32 +0100 Subject: [PATCH 7/9] Fixed CID 587064. --- src/ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ssl.c b/src/ssl.c index ba2886615..9a25b0bfa 100644 
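Review bot: In PATCH 6/9 (wolfSSL_d2i_RSAPrivateKey_bio, src/ssl.c) both buffers released on this failure path go back to the heap with their contents intact, and `bioMem` is the input just handed to `wolfSSL_d2i_RSAPrivateKey`, so it may hold private-key bytes. I would wipe before freeing, e.g. `ForceZero((void*)bioMem, (word32)bioMemSz);` ahead of the existing XFREE, and do the same for `maxKeyBuf` with its allocated length, which is not visible in the hunk. The success path presumably frees the same buffers and would need the same treatment; the function body continues outside the hunk.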
--- a/src/ssl.c +++ b/src/ssl.c @@ -9475,6 +9475,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext) WOLFSSL_MSG("ASN1_STRING_set() failed"); wolfSSL_ASN1_OBJECT_free(ad->method); XFREE(aia, NULL, DYNAMIC_TYPE_X509_EXT); + XFREE(ad->location, NULL, DYNAMIC_TYPE_OPENSSL); XFREE(ad, NULL, DYNAMIC_TYPE_X509_EXT); return NULL; } From 18163c9a2ab6b559f860e873f56790baaef33bcf Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Wed, 3 Mar 2021 16:38:28 +0100 Subject: [PATCH 8/9] Fixed CID 587269. --- src/ssl.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 9a25b0bfa..8d40bbf79 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -41501,7 +41501,7 @@ err: * * returns WOLFSSL_SUCCESS on success */ - static int wolfSSL_X509_INFO_set(WOLFSSL_X509_INFO* info, + static int wolfSSL_X509_INFO_set(WOLFSSL_X509_INFO** info, WOLFSSL_X509* x509) { if (info == NULL || x509 == NULL) { @@ -41509,7 +41509,7 @@ err: } /* check is fresh "info" passed in, if not free it */ - if (info->x509 != NULL || info->x_pkey != NULL) { + if ((*info)->x509 != NULL || (*info)->x_pkey != NULL) { WOLFSSL_X509_INFO* tmp; tmp = wolfSSL_X509_INFO_new(); @@ -41517,11 +41517,11 @@ err: WOLFSSL_MSG("Unable to create new structure"); return MEMORY_E; } - wolfSSL_X509_INFO_free(info); - info = tmp; + wolfSSL_X509_INFO_free(*info); + (*info) = tmp; } - info->x509 = x509; + (*info)->x509 = x509; //@TODO info->num //@TODO info->enc_cipher @@ -41529,8 +41529,8 @@ err: //@TODO info->enc_data //@TODO info->crl - info->x_pkey = wolfSSL_X509_PKEY_new(x509->heap); - return wolfSSL_X509_PKEY_set(info->x_pkey, x509); + (*info)->x_pkey = wolfSSL_X509_PKEY_new(x509->heap); + return wolfSSL_X509_PKEY_set((*info)->x_pkey, x509); } /** @@ -41725,7 +41725,7 @@ err: return NULL; } if (x509) { - ret = wolfSSL_X509_INFO_set(current, x509); + ret = wolfSSL_X509_INFO_set(¤t, x509); } else if (crl) { current->crl = crl; 
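Review bot: In PATCH 7/9 (wolfSSL_X509V3_EXT_d2i, src/ssl.c) the added `XFREE(ad->location, NULL, DYNAMIC_TYPE_OPENSSL);` releases only the top-level allocation of `ad->location`. The call that failed is an ASN1_STRING_set, which suggests a string object was already allocated underneath `location`; if so, that object still leaks on this path. If `location` is a WOLFSSL_GENERAL_NAME, `wolfSSL_GENERAL_NAME_free(ad->location);` would release it together with its members; this needs to be confirmed against the allocation, which is outside the hunk.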
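Review bot: In PATCH 8/9 (wolfSSL_X509_INFO_set, src/ssl.c) the guard still reads `if (info == NULL || x509 == NULL)`, but `info` is now a pointer to a pointer, so `*info` is dereferenced at `(*info)->x509` without a NULL check. The guard should become `if (info == NULL || *info == NULL || x509 == NULL)`. The result of `wolfSSL_X509_PKEY_new(x509->heap)` is also passed straight to `wolfSSL_X509_PKEY_set` with no NULL check in this function; whether the callee tolerates NULL is not visible here. The header comment should state that `*info` may be freed and replaced, so callers must not keep the old pointer.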
From 061120dda6e24a5a728f1d25cae6b68ca56474af Mon Sep 17 00:00:00 2001 From: Radim Smat Date: Wed, 3 Mar 2021 17:18:24 +0100 Subject: [PATCH 9/9] Fixed CID 587340. --- src/ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ssl.c b/src/ssl.c index 8d40bbf79..66a3de121 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -8171,6 +8171,7 @@ int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert) CA_TYPE, NO_VERIFY, NULL) < 0) { WOLFSSL_MSG("\tCertificate parsing failed"); + FreeDecodedCert(&cert); return WOLFSSL_FAILURE; }