From 2d612da9f400f68b555c40284881d31b0389cba0 Mon Sep 17 00:00:00 2001
From: toddouska
Date: Wed, 1 Mar 2017 10:25:54 -0800
Subject: [PATCH] fix signer memory takeover on malformed data
---
 src/ssl.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 7b9b3a75d..4e8b3cc50 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -3354,10 +3354,14 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 ret = MEMORY_ERROR;
 else {
 signer->keyOID = cert->keyOID;
- signer->publicKey = cert->publicKey;
- signer->pubKeySize = cert->pubKeySize;
- signer->nameLen = cert->subjectCNLen;
- signer->name = cert->subjectCN;
+ if (cert->pubKeyStored) {
+ signer->publicKey = cert->publicKey;
+ signer->pubKeySize = cert->pubKeySize;
+ }
+ if (cert->subjectCNStored) {
+ signer->nameLen = cert->subjectCNLen;
+ signer->name = cert->subjectCN;
+ }
 signer->pathLength = cert->pathLength;
 signer->pathLengthSet = cert->pathLengthSet;
 #ifndef IGNORE_NAME_CONSTRAINTS
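Review bot: When `cert->pubKeyStored` is clear, the new guard leaves `signer->publicKey` and `signer->pubKeySize` at whatever the signer's allocator set them to, and nothing visible in this `else` branch stops the signer from being used afterwards. If a CA entry without a stored key is never valid here, it would be safer to fail closed with an `else` on the first guard that sets `ret` to a parse error, rather than rely on every later consumer tolerating a null key; the name guard should stay permissive, since a subject without a CN can be legitimate. The guards also deserve a one-line comment, inferred from the commit subject, such as `/* take over only buffers the decoder stored for us; a pointer we do not own must never reach the signer's free path */`. AddCA's body starts and ends outside the hunk, so the signer's initial state and the later clearing of the cert's pointers should be confirmed there.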