From 39e2405e2f63bc397a0bdafb291bb3d5216cf10d Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 19 Apr 2024 11:43:32 -0500 Subject: [PATCH] src/ssl_load.c: fix double-free in wolfSSL_CTX_SetTmpDH(). --- src/ssl_load.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/ssl_load.c b/src/ssl_load.c index 68d612b2a1..41eb7fe6d2 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -5374,7 +5374,9 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, gAlloc = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); if ((pAlloc == NULL) || (gAlloc == NULL)) { XFREE(pAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + pAlloc = NULL; XFREE(gAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + gAlloc = NULL; ret = MEMORY_E; } } @@ -5389,8 +5391,10 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, if (ret != 1) { /* Free the allocated buffers if not assigned into SSL context. */ - XFREE(pAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - XFREE(gAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + if (pAlloc) + XFREE(pAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + if (gAlloc) + XFREE(gAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); } return ret; }