From bdc1b1929c8612ce265c5f17b9a03d3a90b706a8 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Thu, 9 Jan 2025 10:08:57 -0700
Subject: [PATCH] resolve memory leak on error

---
 src/tls13.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/tls13.c b/src/tls13.c
index 0ffe824c9c..a3d1c9bf28 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -6909,6 +6909,12 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     if (args->clSuites == NULL) {
         ERROR_OUT(MEMORY_E, exit_dch);
     }
+#ifdef OPENSSL_EXTRA
+    /* hang on to client suites found and free the struct when WOLFSSL object
+     * is free'd */
+    XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
+    ssl->clSuites = args->clSuites;
+#endif
 
     /* Cipher suites */
     if ((args->idx - args->begin) + OPAQUE16_LEN > helloSz)
@@ -7081,7 +7087,6 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     case TLS_ASYNC_DO:
     {
 #ifdef OPENSSL_EXTRA
-    ssl->clSuites = args->clSuites;
     if ((ret = CertSetupCbWrapper(ssl)) != 0)
         goto exit_dch;
 #endif