From 25dd8b641ef4e17e4b8985f70d8893558448eee3 Mon Sep 17 00:00:00 2001
From: Reda Chouk <reda@wolfssl.com>
Date: Mon, 26 Aug 2024 19:29:06 +0200
Subject: [PATCH] added check on error out from
 wc_PKCS7_EncodeAuthEnvelopedData

---
 wolfcrypt/src/pkcs7.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 9b04166c56..81b2890517 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -13624,7 +13624,14 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
         }
         XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     }
+#else
+    if (ret < 0) {
+        ForceZero(encryptedContent, (word32)encryptedContentSz);
+        XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
+    }
 #endif
+
 #ifndef NO_PKCS7_STREAM
     if (ret != 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
         wc_PKCS7_ResetStream(pkcs7);