wolfSSL · dgarske · Jul 30, 2024 · Jun 26, 2024 · Jul 23, 2024 · Jul 24, 2024
diff --git a/src/ssl_load.c b/src/ssl_load.c
@@ -5102,6 +5102,24 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
 
 #ifdef OPENSSL_EXTRA
 
+#ifdef XGETENV
+static char* wolfSSL_getenv_memcpy(const char* varName) {
+    char* ret = NULL;
+    char* env = NULL;
+    int len = 0;
+
+    if ((env = XGETENV(varName)) != NULL) {
+        len = (int)XSTRLEN(env);
+        ret = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (ret != NULL) {
+            XMEMCPY(ret, env, len);
+        }
+    }
+
+    return ret;
+}
+#endif
+
 /* Use the default paths to look for CA certificate.
  *
  * This is an OpenSSL compatibility layer function, but it doesn't mirror
@@ -5121,18 +5139,18 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
 {
     int ret;
 #ifdef XGETENV
-    char* certDir;
-    char* certFile;
-    word32 flags;
+    char* certDir = NULL;
+    char* certFile = NULL;
+    word32 flags = 0;
 #elif !defined(WOLFSSL_SYS_CA_CERTS)
     (void)ctx;
 #endif
 
     WOLFSSL_ENTER("wolfSSL_CTX_set_default_verify_paths");
 
 #ifdef XGETENV
-    certDir = XGETENV("SSL_CERT_DIR");
-    certFile = XGETENV("SSL_CERT_FILE");
+    certDir = wolfSSL_getenv_memcpy("SSL_CERT_DIR");
+    certFile = wolfSSL_getenv_memcpy("SSL_CERT_FILE");
     flags = WOLFSSL_LOAD_FLAG_PEM_CA_ONLY;
 
     if ((certDir != NULL) || (certFile != NULL)) {
@@ -5178,6 +5196,14 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
     #endif
     }
 
+#ifdef XGETENV
+    if (certFile != NULL) {
+        XFREE(certFile, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+    if (certDir != NULL) {
+        XFREE(certDir, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+#endif
     WOLFSSL_LEAVE("wolfSSL_CTX_set_default_verify_paths", ret);
 
     return ret;
@@ -5293,6 +5319,7 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
         pAlloc = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
         gAlloc = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
         if ((pAlloc == NULL) || (gAlloc == NULL)) {
+            /* Memory will be freed below in the (ret != 1) block */
             ret = MEMORY_E;
         }
     }