ssl_client2: Zeroize peer CRT info buffer when reconnecting
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 3089d86..73b707c 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -478,7 +478,7 @@
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-static unsigned char peer_crt_info[1024] = { 0 };
+static unsigned char peer_crt_info[1024];
/*
* Enabled if debug_level > 1 in code below
@@ -1512,6 +1512,7 @@
}
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
+ memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
if( opt.auth_mode != DFL_AUTH_MODE )
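Review bot: The memset added after `mbedtls_ssl_conf_verify( &conf, my_verify, NULL );` has no comment saying why the buffer is cleared at this point, and the first hunk drops the `= { 0 }` initializer that previously made the zero start state explicit. The static buffer is still zero-initialized at load time, so this runtime clear presumably matters only when the setup code runs after the buffer has already been filled; that cannot be confirmed from the hunk. A one-line comment would record the intent, for example `/* Clear peer CRT info so data from an earlier handshake is never reported for this connection */`. The enclosing function starts and ends outside the hunk.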
@@ -2217,6 +2218,8 @@
mbedtls_printf( " . Reconnecting with saved session..." );
+ memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
+
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
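Review bot: The memset added on the reconnect path is not visibly wrapped in `#if defined(MBEDTLS_X509_CRT_PARSE_C)`, although `peer_crt_info` is declared only under that guard in the first hunk and the memset in the second hunk sits before the matching `#endif`. Unless an enclosing guard exists outside this hunk, a configuration without MBEDTLS_X509_CRT_PARSE_C would fail to compile on an undeclared identifier. Wrapping the call as `#if defined(MBEDTLS_X509_CRT_PARSE_C)` / `memset( peer_crt_info, 0, sizeof( peer_crt_info ) );` / `#endif /* MBEDTLS_X509_CRT_PARSE_C */` would keep both reset sites consistent. The reconnect block starts and ends outside the hunk, so the guard state should be checked against the full file.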