From 0aa0f2628922446390bf13cfc5c7b62317ed0b67 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Fri, 19 Jul 2024 13:57:13 -0500
Subject: [PATCH 1/2] wolfcrypt/src/dilithium.c: fix null deref in
 wc_dilithium_init_ex().

---
 wolfcrypt/src/dilithium.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c
index 625d6bf295..bd5b102720 100644
--- a/wolfcrypt/src/dilithium.c
+++ b/wolfcrypt/src/dilithium.c
@@ -6952,10 +6952,9 @@ int wc_dilithium_init_ex(dilithium_key* key, void* heap, int devId)
         key->idLen = 0;
         key->labelLen = 0;
     #endif
+        key->heap = heap;
     }
 
-    key->heap = heap;
-
     return ret;
 }
 

From e13a8ddcfb80440f77ef4587c570e79d068c9dc3 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Fri, 19 Jul 2024 14:35:39 -0500
Subject: [PATCH 2/2] fixes for null derefs in native Dilithium and Kyber
 implementations, detected by unit.test and cppcheck.

---
 wolfcrypt/src/dilithium.c | 4 +++-
 wolfcrypt/src/wc_kyber.c  | 8 ++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c
index bd5b102720..6a602a1043 100644
--- a/wolfcrypt/src/dilithium.c
+++ b/wolfcrypt/src/dilithium.c
@@ -7421,7 +7421,9 @@ int wc_dilithium_check_key(dilithium_key* key)
     }
 
     /* Dispose of allocated memory. */
-    XFREE(s1, key->heap, DYNAMIC_TYPE_DILITHIUM);
+    if (s1 != NULL) {
+        XFREE(s1, key->heap, DYNAMIC_TYPE_DILITHIUM);
+    }
 #else
     /* Validate parameter. */
     if (key == NULL) {
diff --git a/wolfcrypt/src/wc_kyber.c b/wolfcrypt/src/wc_kyber.c
index ffa37d84c1..a99cd6c1e9 100644
--- a/wolfcrypt/src/wc_kyber.c
+++ b/wolfcrypt/src/wc_kyber.c
@@ -286,7 +286,9 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand,
     }
 
     /* Free dynamic memory allocated in function. */
-    XFREE(a, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (a != NULL) {
+        XFREE(a, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
 
     return ret;
 }
@@ -890,7 +892,9 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
 
 #ifndef USE_INTEL_SPEEDUP
     /* Dispose of dynamic memory allocated in function. */
-    XFREE(cmp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (cmp != NULL) {
+        XFREE(cmp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
 #endif
 
     return ret;