From 27267d7d2e057e25a76685d3e8e53fc45d0216dc Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Tue, 22 Oct 2024 00:21:26 -0600
Subject: [PATCH 1/3] CID 426066 fix check if null before free

---
 src/x509.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/x509.c b/src/x509.c
index 58f5cc1194..c19b2bbed7 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -14111,7 +14111,9 @@ int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT);
+    if (x != NULL) {
+        XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT);
+    }
 #endif
 
     return ret;

From 18150a11aa03fa55cb5776207c7a5cd79ea56863 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Tue, 22 Oct 2024 00:24:29 -0600
Subject: [PATCH 2/3] CID 426062,426063 initialization and free check

---
 wolfcrypt/test/test.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 4c3c9d771d..24c0bfc06c 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -13939,6 +13939,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void)
         if ((bigCipher == NULL) ||
             (bigPlain == NULL)) {
             XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(bigPlain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
             ERROR_OUT(WC_TEST_RET_ENC_NC, out);
         }
 #else
@@ -35099,6 +35100,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
     (void)x;
     WOLFSSL_ENTER("curve25519_test");
 
+    /* wc_FreeRng is always called on exit. Therefore wc_InitRng should be
+     * called before any exit goto's */
+#ifndef HAVE_FIPS
+    ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
+#else
+    ret = wc_InitRng(&rng);
+#endif
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     userA = wc_curve25519_new(HEAP_HINT, devId, &ret);
     if (ret != 0)
@@ -35115,14 +35126,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
     wc_curve25519_init_ex(pubKey, HEAP_HINT, devId);
 #endif
 
-#ifndef HAVE_FIPS
-    ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
-#else
-    ret = wc_InitRng(&rng);
-#endif
-    if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
-
     /* make curve25519 keys */
     ret = wc_curve25519_make_key(&rng, 32, userA);
     if (ret != 0)

From f21a763ae99ba1057df945a896eeff9ec14454c7 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Tue, 22 Oct 2024 14:22:46 -0600
Subject: [PATCH 3/3] return out of test function if failing RNG init

---
 wolfcrypt/test/test.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 24c0bfc06c..b00cfa00c2 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -35108,7 +35108,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
     ret = wc_InitRng(&rng);
 #endif
     if (ret != 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
+        return WC_TEST_RET_ENC_EC(ret);
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     userA = wc_curve25519_new(HEAP_HINT, devId, &ret);