Fix Warning 826836.9285316

wolfSSL · Jul 23, 2024 · bf96af6 · bf96af6
1 parent 7e6b1bb
commit bf96af6
Showing 1 changed file with 29 additions and 5 deletions.
diff --git a/src/ssl_load.c b/src/ssl_load.c
@@ -5102,6 +5102,22 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
 
 #ifdef OPENSSL_EXTRA
 
+static char* wolfSSL_getenv_memcpy(const char* varName) {
+    char* ret = NULL;
+    char* env = NULL;
+    int len = 0;
+
+    if ((env = XGETENV(varName)) != NULL) {
+        len = XSTRLEN(env);
+        ret = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (ret != NULL) {
+            XMEMCPY(ret, env, len);
+        }
+    }
+
+    return ret;
+}
+
 /* Use the default paths to look for CA certificate.
  *
  * This is an OpenSSL compatibility layer function, but it doesn't mirror
@@ -5121,18 +5137,18 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
 {
     int ret;
 #ifdef XGETENV
-    char* certDir;
-    char* certFile;
-    word32 flags;
+    char* certDir = NULL;
+    char* certFile = NULL;
+    word32 flags = 0;
 #elif !defined(WOLFSSL_SYS_CA_CERTS)
     (void)ctx;
 #endif
 
     WOLFSSL_ENTER("wolfSSL_CTX_set_default_verify_paths");
 
 #ifdef XGETENV
-    certDir = XGETENV("SSL_CERT_DIR");
-    certFile = XGETENV("SSL_CERT_FILE");
+    certDir = wolfSSL_getenv_memcpy("SSL_CERT_DIR");
+    certFile = wolfSSL_getenv_memcpy("SSL_CERT_FILE");
     flags = WOLFSSL_LOAD_FLAG_PEM_CA_ONLY;
 
     if ((certDir != NULL) || (certFile != NULL)) {
@@ -5178,6 +5194,14 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
     #endif
     }
 
+#ifdef XGETENV
+    if (certFile != NULL) {
+        XFREE(certFile, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+    if (certDir != NULL) {
+        XFREE(certDir, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+#endif
     WOLFSSL_LEAVE("wolfSSL_CTX_set_default_verify_paths", ret);
 
     return ret;