Fixed possible memory leaks reported by nielsdos in PR 8415 and 8414.

2025-07-30 02:37:28 +02:00 · 2025-02-13 08:20:37 -08:00
parent db0fa304a8
commit f943f6ff5c
2 changed files with 9 additions and 1 deletions
--- a/src/crl.c
+++ b/src/crl.c
@ -1776,6 +1776,10 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
            ret = ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl, VERIFY);
            if (ret != WOLFSSL_SUCCESS) {
                WOLFSSL_MSG("CRL file load failed");
+                wc_ReadDirClose(readCtx);
+            #ifdef WOLFSSL_SMALL_STACK
+                XFREE(readCtx, crl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
                return ret;
            }
        }
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@ -4035,9 +4035,13 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
                pkey->ecc);
        if (ecdsaSig == NULL)
            return WOLFSSL_FAILURE;
+        /* get signature length only */
        ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, NULL);
-        if (ret <= 0 || ret > (int)*siglen)
+        if (ret <= 0 || ret > (int)*siglen) {
+            wolfSSL_ECDSA_SIG_free(ecdsaSig);
            return WOLFSSL_FAILURE;
+        }
+        /* perform validation of signature */
        ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sigret);
        wolfSSL_ECDSA_SIG_free(ecdsaSig);
        if (ret <= 0 || ret > (int)*siglen)