From 6cfbd653eda3dd1b0840a188bc4c30f3a0e49acb Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Wed, 27 Jul 2022 11:03:41 -0700
Subject: [PATCH] clean up memory after use

---
 src/certman.c  | 97 +++++++++++++++++++++++++++-----------------------
 src/internal.c |  5 ++-
 2 files changed, 57 insertions(+), 45 deletions(-)

diff --git a/src/certman.c b/src/certman.c
index 5ca24de9..04f7e32b 100644
--- a/src/certman.c
+++ b/src/certman.c
@@ -213,62 +213,67 @@ int wolfSSH_CERTMAN_VerifyCerts_buffer(WOLFSSH_CERTMAN* cm,
         cm->heap, DYNTYPE_CERT);
     certLen = (word32*)WMALLOC(certsCount * sizeof(word32), cm->heap,
         DYNTYPE_CERT);
+    if (certLoc == NULL || certLen == NULL) {
+        ret = WS_MEMORY_E;
+    }
 
-    currentPt = (unsigned char*)certs; /* set initial certificate pointer */
-    currentSz = 0;
+    if (ret == WS_SUCCESS) {
+        currentPt = (unsigned char*)certs; /* set initial certificate pointer */
+        currentSz = 0;
 
-    for (idx = 0; idx < (int)certsCount; idx++) {
-        word32 sz = 0;
-        certLoc[idx] = currentPt;
+        for (idx = 0; idx < (int)certsCount; idx++) {
+            word32 sz = 0;
+            certLoc[idx] = currentPt;
 
-        /* get the size of the certificate from first sequence */
-        if (currentSz + MAX_SEQ_SZ >= certSz) {
-            ret = WS_BUFFER_E;
-            break;
-        }
-        else {
-            /* at this point there is at least 5 bytes in currentPt */
-            if (currentPt[sz] != (ASN_SEQUENCE | ASN_CONSTRUCTED)) {
-                WLOG(WS_LOG_CERTMAN, "no cert sequence to get length from");
-                ret = ASN_PARSE_E;
+            /* get the size of the certificate from first sequence */
+            if (currentSz + MAX_SEQ_SZ >= certSz) {
+                ret = WS_BUFFER_E;
                 break;
             }
-            sz++;
+            else {
+                /* at this point there is at least 5 bytes in currentPt */
+                if (currentPt[sz] != (ASN_SEQUENCE | ASN_CONSTRUCTED)) {
+                    WLOG(WS_LOG_CERTMAN, "no cert sequence to get length from");
+                    ret = ASN_PARSE_E;
+                    break;
+                }
+                sz++;
 
-            if (ret == WS_SUCCESS) {
-                if (currentPt[sz] >= ASN_LONG_LENGTH) {
-                    word32 bytes = currentPt[sz++] & 0x7F;
-                    if (bytes > MAX_LENGTH_SZ) {
-                        WLOG(WS_LOG_CERTMAN, "length found is too large!");
-                        ret = ASN_PARSE_E;
-                        break;
-                    }
-                    else {
-                        byte b;
-                        certLen[idx] = 0;
-                        for (; bytes > 0; bytes--) {
-                            b = currentPt[sz++];
-                            certLen[idx] = (certLen[idx] << 8) | b;
+                if (ret == WS_SUCCESS) {
+                    if (currentPt[sz] >= ASN_LONG_LENGTH) {
+                        word32 bytes = currentPt[sz++] & 0x7F;
+                        if (bytes > MAX_LENGTH_SZ) {
+                            WLOG(WS_LOG_CERTMAN, "length found is too large!");
+                            ret = ASN_PARSE_E;
+                            break;
+                        }
+                        else {
+                            byte b;
+                            certLen[idx] = 0;
+                            for (; bytes > 0; bytes--) {
+                                b = currentPt[sz++];
+                                certLen[idx] = (certLen[idx] << 8) | b;
+                            }
                         }
                     }
+                    else {
+                        certLen[idx] = (word32)currentPt[sz++];
+                    }
+                    sz += certLen[idx];
+                    certLen[idx] = sz; /* update size to contain sequence */
                 }
-                else {
-                    certLen[idx] = (word32)currentPt[sz++];
-                }
-                sz += certLen[idx];
-                certLen[idx] = sz; /* update size to contain first sequence */
             }
-        }
 
-        /* advance current pointer and update current total size */
-        if (ret == WS_SUCCESS) {
-            if (currentSz + sz > certSz) {
-                WLOG(WS_LOG_CERTMAN, "cert found is too large!");
-                ret = ASN_PARSE_E;
-                break;
+            /* advance current pointer and update current total size */
+            if (ret == WS_SUCCESS) {
+                if (currentSz + sz > certSz) {
+                    WLOG(WS_LOG_CERTMAN, "cert found is too large!");
+                    ret = ASN_PARSE_E;
+                    break;
+                }
+                currentSz += sz;
+                currentPt += sz;
             }
-            currentSz += sz;
-            currentPt += sz;
         }
     }
 
@@ -356,6 +361,10 @@ int wolfSSH_CERTMAN_VerifyCerts_buffer(WOLFSSH_CERTMAN* cm,
     }
 #endif /* WOLFSSH_NO_FPKI */
 
+    if (certLoc != NULL)
+        WFREE(certLoc, cm->heap, DYNTYPE_CERT);
+    if (certLen != NULL)
+        WFREE(certLen, cm->heap, DYNTYPE_CERT);
     WLOG_LEAVE(ret);
     return ret;
 }
diff --git a/src/internal.c b/src/internal.c
index 37027ea4..08bc7b30 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -568,6 +568,9 @@ void CtxResourceFree(WOLFSSH_CTX* ctx)
     if (ctx->certMan) {
         wolfSSH_CERTMAN_free(ctx->certMan);
     }
+    if (ctx->cert) {
+        WFREE(ctx->cert, ctx->heap, DYNTYPE_CERT);
+    }
 #endif
 }
 
@@ -838,7 +841,7 @@ int wolfSSH_ProcessBuffer(WOLFSSH_CTX* ctx,
     #ifdef WOLFSSH_CERTS
     else if (type == BUFTYPE_CERT) {
         if (ctx->cert != NULL)
-            WFREE(ctx->cert, heap, 0);
+            WFREE(ctx->cert, heap, dynamicType);
         ctx->cert = der;
         ctx->certSz = derSz;
         ctx->useCert = 1;