From cafb6c91b0e97ec4a6742d9cdea4fbcf3853e4b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Teppo=20J=C3=A4rvelin?=
Date: Wed, 8 Jan 2020 09:19:07 +0200
Subject: [PATCH] Clear internal decrypted buffer after read

---
 library/ssl_tls.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 19bdc9079..d5448c66a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -11119,6 +11119,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
 mbedtls_platform_memcpy( buf, ssl->in_offt, n );
 ssl->in_msglen -= n;
 
+ // clear incoming data after it's copied to buffer
+ mbedtls_platform_memset(ssl->in_offt, 0, n);
+
 if( ssl->in_msglen == 0 )
 {
 /* all bytes consumed */
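Review bot: The added comment says what the memset does but not why, and both added lines break the style of the surrounding context (`/* */` comments, spaces inside call parentheses as in `mbedtls_platform_memcpy( buf, ssl->in_offt, n );`). I would write `/* Wipe the plaintext just delivered so it does not linger in the internal record buffer. */` followed by `mbedtls_platform_memset( ssl->in_offt, 0, n );`. Only the `n` bytes copied out are wiped, so on a partial read the unread remainder of the record stays in the buffer until a later call. Any path that drops a record without going through this copy is not covered by this hunk, so it is worth confirming that the teardown and reset paths (not visible here) zeroize the input buffer as well. The body of mbedtls_ssl_read starts and ends outside the hunk.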