From 7662bd58f0c746b1fcc3fcd2575fb14400c0e215 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Tue, 3 Oct 2017 13:28:07 -0600
Subject: [PATCH 1/2] fix DH free with switch from server to client side

---
 src/ssl.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 435f01b52..b82dc9000 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -15259,9 +15259,24 @@ void wolfSSL_set_connect_state(WOLFSSL* ssl)
     word16 haveRSA = 1;
     word16 havePSK = 0;
 
-    if (ssl->options.side == WOLFSSL_SERVER_END) {
-        ssl->options.side = WOLFSSL_CLIENT_END;
+    if (ssl == NULL) {
+        WOLFSSL_MSG("WOLFSSL struct pointer passed in was null");
+        return;
+    }
+    #ifndef NO_DH
+    /* client creates its own DH parameters on handshake */
+    if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) {
+        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
+    }
+    ssl->buffers.serverDH_P.buffer = NULL;
+    if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) {
+        XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH);
+    }
+    ssl->buffers.serverDH_G.buffer = NULL;
+    #endif
+
+    if (ssl->options.side == WOLFSSL_SERVER_END) {
     #ifdef NO_RSA
         haveRSA = 0;
     #endif
@@ -15273,6 +15288,7 @@ void wolfSSL_set_connect_state(WOLFSSL* ssl)
                    ssl->options.haveECDSAsig, ssl->options.haveECC,
                    ssl->options.haveStaticECC, ssl->options.side);
     }
+    ssl->options.side = WOLFSSL_CLIENT_END;
 }
 
 #endif

From b9cda18be9b75fe33f262d2bc8f3fa19d0ba184b Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Mon, 18 Dec 2017 11:54:03 -0700
Subject: [PATCH 2/2] change type with free to match malloc'd type

---
 src/ssl.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index b82dc9000..a578c89c1 100644
--- a/src/ssl.c
+++ b/src/ssl.c
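Review bot: The added DH cleanup NULLs `serverDH_P.buffer` and `serverDH_G.buffer` but leaves the matching `length` fields untouched, so each buffer struct is left holding a stale size beside a NULL pointer. Any later reader that consults `length` before (or instead of) testing `buffer` would work from the old server-side size; clearing both fields with the pointer keeps the pair consistent: `ssl->buffers.serverDH_P.length = 0;` after the first NULL assignment and `ssl->buffers.serverDH_G.length = 0;` after the second. The same applies to the hunk in the second patch, which rewrites these lines. `weOwnDH` is also left set after the free; that looks harmless here because the NULLed pointers gate any later release, but it is worth confirming against the teardown path, which is not in view.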
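Review bot: The InitSuites call in this hunk still passes `ssl->options.side`, but with this change that field still holds WOLFSSL_SERVER_END at the time of the call: the first hunk removed the `ssl->options.side = WOLFSSL_CLIENT_END;` that used to run at the top of the `if (ssl->options.side == WOLFSSL_SERVER_END)` block, and this hunk re-adds it only after the block's closing brace. If InitSuites selects suites differently by side, the client object is initialised with server-side rules on the first switch, which the old ordering avoided. Restoring the assignment as the first statement inside the if block, `if (ssl->options.side == WOLFSSL_SERVER_END) {` followed by `ssl->options.side = WOLFSSL_CLIENT_END;`, and dropping the trailing assignment keeps the call and the field consistent. The lines between the two hunks of wolfSSL_set_connect_state are not in view.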
@@ -15267,11 +15267,13 @@ void wolfSSL_set_connect_state(WOLFSSL* ssl)
     #ifndef NO_DH
     /* client creates its own DH parameters on handshake */
     if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) {
-        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
+        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
+                                              DYNAMIC_TYPE_PUBLIC_KEY);
     }
     ssl->buffers.serverDH_P.buffer = NULL;
     if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) {
-        XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH);
+        XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
+                                              DYNAMIC_TYPE_PUBLIC_KEY);
     }
     ssl->buffers.serverDH_G.buffer = NULL;
     #endif
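Review bot: The reason the free tag is DYNAMIC_TYPE_PUBLIC_KEY rather than DYNAMIC_TYPE_DH lives only in the commit title; nothing in the code records which allocation these two XFREE calls must mirror, so the next edit of either side can silently reintroduce the mismatch. A one-line comment above the `#ifndef NO_DH` block would pin it: `/* tag must match the one used where serverDH_P/G are allocated (presumably wolfSSL_SetTmpDH) */`. The same tag is used twice here; if the allocation tag is ever centralised, both calls should follow it together.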