Fix memory leak on hash failure in LoadCertByIssuer

julek-wolfssl · dgarske · commit c6f41bce2f78 · 2026-03-16T15:14:26.000-07:00
F-721
diff --git a/src/internal.c b/src/internal.c
@@ -14957,6 +14957,7 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
     #elif !defined(NO_SHA)
         retHash = wc_ShaHash((const byte*)pbuf, (word32)len, dgt);
     #endif
+        wolfSSL_OPENSSL_free(pbuf);
         if (retHash == 0) {
             /* 4 bytes in little endian as unsigned long */
             hash = (((unsigned long)dgt[3] << 24) |
@@ -14967,7 +14968,6 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
             WOLFSSL_MSG("failed hash operation");
             return WOLFSSL_FAILURE;
         }
-        wolfSSL_OPENSSL_free(pbuf);
     }
 
     /* try to load each hashed name file in path */

Original file line number	Diff line number	Diff line change
`@@ -14957,6 +14957,7 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)`
`14957`	`14957`	`#elif !defined(NO_SHA)`
`14958`	`14958`	`retHash = wc_ShaHash((const byte*)pbuf, (word32)len, dgt);`
`14959`	`14959`	`#endif`
	`14960`	`+ wolfSSL_OPENSSL_free(pbuf);`
`14960`	`14961`	`if (retHash == 0) {`
`14961`	`14962`	`/* 4 bytes in little endian as unsigned long */`
`14962`	`14963`	`hash = (((unsigned long)dgt[3] << 24) \|`
`@@ -14967,7 +14968,6 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)`
`14967`	`14968`	`WOLFSSL_MSG("failed hash operation");`
`14968`	`14969`	`return WOLFSSL_FAILURE;`
`14969`	`14970`	`}`
`14970`		`- wolfSSL_OPENSSL_free(pbuf);`
`14971`	`14971`	`}`
`14972`	`14972`
`14973`	`14973`	`/* try to load each hashed name file in path */`