Zeroize heap buf on failure in pem.c

commit: f4660aaf4c24b5779bb6a5304ab1dfacb729f4ed [log] [tgz]
author: Andres Amaya Garcia <andres.amayagarcia@arm.com> Wed Jul 12 10:54:06 2017 +0100
committer: Andres Amaya Garcia <andres.amayagarcia@arm.com> Wed Jul 12 11:04:18 2017 +0100
tree: 890d18c58efec7e9122f16a76f310e90ffef841c
parent: a0ae1db2f7635e8a92250c08d9b00338b7c953ff [diff] [blame]
diff --git a/library/pem.c b/library/pem.c
index b2c16c2..611c788 100644
--- a/library/pem.c
+++ b/library/pem.c

@@ -343,6 +343,7 @@
     ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
         if( pwd == NULL )
         {
+            polarssl_zeroize( buf, len );
             polarssl_free( buf );
             return( POLARSSL_ERR_PEM_PASSWORD_REQUIRED );
         }
@@ -371,10 +372,12 @@
          */
         if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
         {
+            polarssl_zeroize( buf, len );
             polarssl_free( buf );
             return( POLARSSL_ERR_PEM_PASSWORD_MISMATCH );
         }
 #else
+        polarssl_zeroize( buf, len );
         polarssl_free( buf );
         return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE );
 #endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC &&
commit	f4660aaf4c24b5779bb6a5304ab1dfacb729f4ed	[log] [tgz]
author	Andres Amaya Garcia <andres.amayagarcia@arm.com>	Wed Jul 12 10:54:06 2017 +0100
committer	Andres Amaya Garcia <andres.amayagarcia@arm.com>	Wed Jul 12 11:04:18 2017 +0100
tree	890d18c58efec7e9122f16a76f310e90ffef841c
parent	a0ae1db2f7635e8a92250c08d9b00338b7c953ff [diff] [blame]