From d65be7af217daf378e3d3d7386c669427701f229 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Sun, 4 Aug 2024 15:41:52 -0500
Subject: [PATCH] wolfcrypt/src/asn.c and wolfssl/wolfcrypt/asn.h: in
 SetDNSEntry(), defer XFREE(dnsEntry, ...) until end (fixes double free); add
 PBE_NONE to enum PBESTypes; in EncryptContent(), initialize id to PBE_NONE to
 fix a -Wmaybe-uninitialized (CheckAlgo() can leave it unchanged even when
 returning success).

---
 wolfcrypt/src/asn.c     | 3 +--
 wolfssl/wolfcrypt/asn.h | 4 +++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index c791c0a1eb..de916c5150 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -9177,7 +9177,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
     word32 seqSz;
     word32 innerSz;
     int    ret;
-    int    version, id, blockSz = 0;
+    int    version, id = PBE_NONE, blockSz = 0;
 #ifdef WOLFSSL_SMALL_STACK
     byte*  saltTmp = NULL;
     byte*  cbcIv   = NULL;
@@ -13550,7 +13550,6 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen,
         dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap,
                                                           DYNAMIC_TYPE_ALTNAME);
         if (dnsEntry->name == NULL) {
-            XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
             ret = MEMORY_E;
         }
     }
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 8cab879ebd..acee9e4276 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -2760,7 +2760,9 @@ enum PBESTypes {
 
     PBES2              = 13,       /* algo ID */
     PBES1_MD5_DES      = 3,
-    PBES1_SHA1_DES     = 10
+    PBES1_SHA1_DES     = 10,
+
+    PBE_NONE           = 999
 };
 
 enum PKCSTypes {