src/pk_ec.c: in wolfSSL_ECDSA_SIG_new(), mitigate false-positive nullPointerOutOfMemory by returning immediately if initial XMALLOC() fails.

douzzer · douzzer · commit 5bb8b3f8031a · 2026-03-09T10:59:50.000-05:00
diff --git a/src/pk_ec.c b/src/pk_ec.c
@@ -4898,18 +4898,16 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void)
         DYNAMIC_TYPE_ECC);
     if (sig == NULL) {
         WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA signature failure");
-        err = 1;
+        return NULL;
     }
 
-    if (!err) {
-        /* Set s to NULL in case of error. */
-        sig->s = NULL;
-        /* Allocate BN into r. */
-        sig->r = wolfSSL_BN_new();
-        if (sig->r == NULL) {
-            WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA r failure");
-            err = 1;
-        }
+    /* Set s to NULL in case of error. */
+    sig->s = NULL;
+    /* Allocate BN into r. */
+    sig->r = wolfSSL_BN_new();
+    if (sig->r == NULL) {
+        WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA r failure");
+        err = 1;
     }
     if (!err) {
         /* Allocate BN into s. */
@@ -4920,7 +4918,7 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void)
         }
     }
 
-    if (err && (sig != NULL)) {
+    if (err) {
         /* Dispose of allocated memory. */
         wolfSSL_ECDSA_SIG_free(sig);
         sig = NULL;
