wolfSSL · dgarske · Jul 30, 2024 · Jun 26, 2024 · Jul 23, 2024 · Jul 24, 2024
diff --git a/src/ssl_load.c b/src/ssl_load.c
@@ -5121,18 +5121,18 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
 {
     int ret;
 #ifdef XGETENV
-    char* certDir;
-    char* certFile;
-    word32 flags;
+    char* certDir = NULL;
+    char* certFile = NULL;
+    word32 flags = 0;
 #elif !defined(WOLFSSL_SYS_CA_CERTS)
     (void)ctx;
 #endif
 
     WOLFSSL_ENTER("wolfSSL_CTX_set_default_verify_paths");
 
 #ifdef XGETENV
-    certDir = XGETENV("SSL_CERT_DIR");
-    certFile = XGETENV("SSL_CERT_FILE");
+    certDir = wc_strdup(XGETENV("SSL_CERT_DIR"), DYNAMIC_TYPE_TMP_BUFFER);
+    certFile = wc_strdup(XGETENV("SSL_CERT_FILE"), DYNAMIC_TYPE_TMP_BUFFER);
     flags = WOLFSSL_LOAD_FLAG_PEM_CA_ONLY;
 
     if ((certDir != NULL) || (certFile != NULL)) {
@@ -5178,6 +5178,10 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
     #endif
     }
 
+#ifdef XGETENV
+    XFREE(certFile, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(certDir, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
     WOLFSSL_LEAVE("wolfSSL_CTX_set_default_verify_paths", ret);
 
     return ret;
@@ -5293,6 +5297,7 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
         pAlloc = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
         gAlloc = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
         if ((pAlloc == NULL) || (gAlloc == NULL)) {
+            /* Memory will be freed below in the (ret != 1) block */
             ret = MEMORY_E;
         }
     }

diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
@@ -1177,6 +1177,21 @@ int wc_strncasecmp(const char *s1, const char *s2, size_t n)
 }
 #endif /* USE_WOLF_STRNCASECMP */
 
+char* wc_strdup(const char *src, int memType) {
+    char *ret = NULL;
+    int len = 0;
+
+    if (src) {
+        len = (int)XSTRLEN(src);
+        ret = (char*)XMALLOC(len, NULL, memType);
+        if (ret != NULL) {
+            XMEMCPY(ret, src, len);
+        }
+    }
+
+    return ret;
+}
+
 #ifdef WOLFSSL_ATOMIC_OPS
 
 #ifdef HAVE_C___ATOMIC

diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
@@ -917,6 +917,7 @@ typedef struct w64wrapper {
         WOLFSSL_API int wc_strncasecmp(const char *s1, const char *s2, size_t n);
     #endif
 
+    WOLFSSL_API char* wc_strdup(const char *src, int memType);
     #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
         #ifndef XGETENV
             #ifdef NO_GETENV