ssl_client2: Zeroize peer CRT info buffer when reconnecting
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 72d857b..1af760f 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -494,7 +494,7 @@
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
-static unsigned char peer_crt_info[1024] = { 0 };
+static unsigned char peer_crt_info[1024];
/*
* Enabled if debug_level > 1 in code below
@@ -1650,6 +1650,7 @@
}
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
+ memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
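Review bot: The `memset` added after `mbedtls_ssl_conf_verify( &conf, my_verify, NULL )` carries no comment saying why the buffer is cleared, and on the first pass it is redundant, since `peer_crt_info` has static storage duration and is zero-initialized with or without `= { 0 }`. The clear that changes behaviour is the one in the reconnect hunk, presumably because the verify callback fills the buffer and may not run again for a resumed session, which would leave the previous connection's certificate text in place. I would add a comment at both sites, for example `/* Drop CRT info from the previous handshake so stale peer data is never reported */`. The enclosing function starts and ends outside the hunk, so whether other paths that begin a new handshake also need this clear cannot be checked from here.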
@@ -2513,6 +2514,8 @@
mbedtls_printf( " . Reconnecting with saved session..." );
+ memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
+
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",