commit 03d70504ca3bf06a5c2bd6ad948effb25c59ed7f
author Andres Amaya Garcia <andres.amayagarcia@arm.com> Mon Jun 26 11:44:54 2017 +0100
committer Andres Amaya Garcia <andres.amayagarcia@arm.com> Mon Jun 26 11:44:54 2017 +0100
tree 2f9af2aa128a8d9154b512925ffa8c6591f8b098
parent a00498819f16f2d4970e598537791fb05f28ebe2

Zeroize heap buf on failure in pem.c

library/pem.c

diff --git a/library/pem.c b/library/pem.c
index 8dd86a4..a09257c 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -341,6 +341,7 @@
     ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
         if( pwd == NULL )
         {
+            mbedtls_zeroize( buf, len );
             mbedtls_free( buf );
             return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
         }
@@ -369,10 +370,12 @@
          */
         if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
         {
+            mbedtls_zeroize( buf, len );
             mbedtls_free( buf );
             return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH );
         }
 #else
+        mbedtls_zeroize( buf, len );
         mbedtls_free( buf );
         return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
 #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&