Fix cast-away-const in ws_ctx_ssl_set_tmp_dh: allocate DerBuffer with actual size and copy data instead of pointing at caller's const buffer, which caused FreeDer to free non-owned memory.

Author: night1rider

src/ssl_load.c

@@ -5930,12 +5930,10 @@ static int ws_ctx_ssl_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
 
     /* PemToDer allocates its own DER buffer. */
     if ((res == 1) && (format != WOLFSSL_FILETYPE_PEM)) {
-        /* Create an empty DER buffer. */
-        ret = AllocDer(&der, 0, DH_PARAM_TYPE, heap);
+        /* Create a DER buffer and copy in the encoded DH parameters. */
+        ret = AllocDer(&der, (word32)sz, DH_PARAM_TYPE, heap);
         if (ret == 0) {
-            /* Assign encoded DH parameters to DER buffer. */
-            der->buffer = (byte*)buf;
-            der->length = (word32)sz;
+            XMEMCPY(der->buffer, buf, (word32)sz);
         }
         else {
             res = ret;

tests/api.c

@@ -1705,7 +1705,7 @@ static int test_wolfSSL_use_AltPrivateKey_Id(void)
     ExpectIntEQ(wolfSSL_use_AltPrivateKey_Id(ssl, NULL, sizeof(id),
         INVALID_DEVID), 0);
 
-    /* Positive test — valid ID should succeed. */
+    /* Positive test - valid ID should succeed. */
     ExpectIntEQ(wolfSSL_use_AltPrivateKey_Id(ssl, id, sizeof(id),
         INVALID_DEVID), 1);
 
@@ -1735,7 +1735,7 @@ static int test_wolfSSL_use_AltPrivateKey_Label(void)
         0);
     ExpectIntEQ(wolfSSL_use_AltPrivateKey_Label(ssl, NULL, INVALID_DEVID), 0);
 
-    /* Positive test — valid label should succeed. */
+    /* Positive test - valid label should succeed. */
     ExpectIntEQ(wolfSSL_use_AltPrivateKey_Label(ssl, "test_label",
         INVALID_DEVID), 1);