From f19f80309809b39c24cfec5b41dc5879aaaef517 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Thu, 27 Sep 2018 11:39:30 -0700
Subject: [PATCH] Fix for possible leak with openssl comatibility API
 `wolfSSL_d2i_ECDSA_SIG` when fast math is disabled.

---
 src/ssl.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 58b3da3ce..f91732ae4 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -22173,11 +22173,11 @@ WOLFSSL_BIGNUM* wolfSSL_BN_new(void)
     }
 
     InitwolfSSL_BigNum(external);
-    external->internal = mpi;
     if (mp_init(mpi) != MP_OKAY) {
         wolfSSL_BN_free(external);
         return NULL;
     }
+    external->internal = mpi;
 
     return external;
 }
@@ -22188,7 +22188,9 @@ void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn)
     WOLFSSL_MSG("wolfSSL_BN_free");
     if (bn) {
         if (bn->internal) {
-            mp_forcezero((mp_int*)bn->internal);
+            mp_int* bni = (mp_int*)bn->internal;
+            mp_forcezero(bni);
+            mp_free(bni);
             XFREE(bn->internal, NULL, DYNAMIC_TYPE_BIGINT);
             bn->internal = NULL;
         }
@@ -27541,6 +27543,10 @@ WOLFSSL_ECDSA_SIG *wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG **sig,
             return NULL;
     }
 
+    /* DecodeECC_DSA_Sig calls mp_init, so free these */
+    mp_free((mp_int*)s->r->internal);
+    mp_free((mp_int*)s->s->internal);
+
     if (DecodeECC_DSA_Sig(*pp, (word32)len, (mp_int*)s->r->internal,
                                           (mp_int*)s->s->internal) != MP_OKAY) {
         if (sig == NULL || *sig == NULL)