From 5fd9e99bbdeb9f894c1f286d2d5dd930c1fffd6d Mon Sep 17 00:00:00 2001
From: jordan <jordan@wolfssl.com>
Date: Mon, 21 Oct 2024 20:49:34 -0500
Subject: [PATCH] coverity: don't overwrite obj in wolfSSL_X509_get_ext_d2i.

---
 src/x509.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/x509.c b/src/x509.c
index 58f5cc1194..1fc6c289af 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -2445,6 +2445,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                         sk = NULL;
                     }
                 }
+
                 obj = wolfSSL_ASN1_OBJECT_new();
                 if (obj == NULL) {
                     WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
@@ -2455,6 +2456,15 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                 obj->grp   = oidCertExtType;
                 obj->obj   = (byte*)(x509->certPolicies[i]);
                 obj->objSz = MAX_CERTPOL_SZ;
+
+                if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) <= 0) {
+                    WOLFSSL_MSG("Error pushing ASN1 object onto stack");
+                    wolfSSL_ASN1_OBJECT_free(obj);
+                    wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
+                    sk = NULL;
+                }
+
+                obj = NULL;
             }
             else {
                 WOLFSSL_MSG("No Cert Policy set");