mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 05:05:35 +00:00
Set PEM buffer to zero before freeing it
Set PEM buffer to zero before freeing it, to avoid private keys being leaked to memory after releasing it.
This commit is contained in:
parent
72ea31b026
commit
31162e4423
|
@ -1,5 +1,11 @@
|
||||||
mbed TLS ChangeLog (Sorted per branch, date)
|
mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
|
|
||||||
|
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||||
|
|
||||||
|
Security
|
||||||
|
* Set PEM buffer to zero before freeing it, to avoid decoded private keys
|
||||||
|
being leaked to memory after release.
|
||||||
|
|
||||||
= mbed TLS 2.6.0 branch released 2017-08-10
|
= mbed TLS 2.6.0 branch released 2017-08-10
|
||||||
|
|
||||||
Security
|
Security
|
||||||
|
|
|
@ -387,6 +387,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
||||||
|
|
||||||
void mbedtls_pem_free( mbedtls_pem_context *ctx )
|
void mbedtls_pem_free( mbedtls_pem_context *ctx )
|
||||||
{
|
{
|
||||||
|
memset( ctx->buf, 0, ctx->buflen );
|
||||||
mbedtls_free( ctx->buf );
|
mbedtls_free( ctx->buf );
|
||||||
mbedtls_free( ctx->info );
|
mbedtls_free( ctx->info );
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue