From 9d64b789cf4e0b1374bd5f323fb6a8dff55703a3 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Mon, 25 Feb 2019 10:06:59 +0000
Subject: [PATCH] Set peer CRT length only after successful allocation

---
 library/ssl_tls.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 018029f7c..07e30a369 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -398,15 +398,15 @@ int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
 #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
     if( src->peer_cert_digest != NULL )
     {
-        dst->peer_cert_digest_len = src->peer_cert_digest_len;
         dst->peer_cert_digest =
-            mbedtls_calloc( 1, dst->peer_cert_digest_len );
+            mbedtls_calloc( 1, src->peer_cert_digest_len );
         if( dst->peer_cert_digest == NULL )
             return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
 
         memcpy( dst->peer_cert_digest, src->peer_cert_digest,
                 src->peer_cert_digest_len );
         dst->peer_cert_digest_type = src->peer_cert_digest_type;
+        dst->peer_cert_digest_len = src->peer_cert_digest_len;
     }
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */