Set PEM buffer to zero before freeing it
Set PEM buffer to zero before freeing it, so that decoded private keys
do not remain in memory after the buffer is released.
diff --git a/ChangeLog b/ChangeLog
index 227faed..9dcd1a0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Security
+ * Set PEM buffer to zero before freeing it, to avoid decoded private keys
+ being leaked to memory after release.
+
= mbed TLS 2.6.0 branch released 2017-08-10
Security
diff --git a/library/pem.c b/library/pem.c
index 8dd86a4..4c23373 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -387,6 +387,7 @@
void mbedtls_pem_free( mbedtls_pem_context *ctx )
{
+ memset( ctx->buf, 0, ctx->buflen );
mbedtls_free( ctx->buf );
mbedtls_free( ctx->info );
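Review bot: The added `memset( ctx->buf, 0, ctx->buflen );` writes to memory that is freed on the very next line, so an optimising compiler may remove it as a dead store and leave the decoded key material in the heap. A wipe the compiler cannot elide is needed here, for example the library's volatile-pointer `mbedtls_zeroize()` helper if it is in scope in this file (not visible in the hunk). The call should also be guarded, because passing a NULL `ctx->buf` to memset is undefined even when `ctx->buflen` is 0: `if( ctx->buf != NULL ) mbedtls_zeroize( ctx->buf, ctx->buflen );`. The body of mbedtls_pem_free continues past the end of the hunk, so any later handling of `ctx` is not visible here.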