Set PEM buffer to zero before freeing it

Set PEM buffer to zero before freeing it, to avoid private keys
being leaked to memory after releasing it.
Ron Eldor 2017-09-05 15:34:35 +03:00
parent 72ea31b026
commit 31162e4423
2 changed files with 7 additions and 0 deletions

@ -1,5 +1,11 @@
mbed TLS ChangeLog (Sorted per branch, date) mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS x.x.x branch released xxxx-xx-xx
Security
* Set PEM buffer to zero before freeing it, to avoid decoded private keys
being leaked to memory after release.
= mbed TLS 2.6.0 branch released 2017-08-10 = mbed TLS 2.6.0 branch released 2017-08-10
Security Security
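Review bot: The new Security entry's wording "leaked to memory after release" is ambiguous under a release heading, and the entry does not say which call is affected. Suggest naming the function and the event, for example "Zeroize the PEM buffer in mbedtls_pem_free() before freeing it, so decoded private keys do not remain in memory after the buffer is freed."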

@ -387,6 +387,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
void mbedtls_pem_free( mbedtls_pem_context *ctx ) void mbedtls_pem_free( mbedtls_pem_context *ctx )
{ {
memset( ctx->buf, 0, ctx->buflen );
mbedtls_free( ctx->buf ); mbedtls_free( ctx->buf );
mbedtls_free( ctx->info ); mbedtls_free( ctx->info );
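Review bot: The added `memset( ctx->buf, 0, ctx->buflen );` writes to memory that is freed on the very next line, so an optimizing compiler is allowed to treat it as a dead store and drop it, which would leave the decoded key in place exactly as before. Use a zeroization routine the compiler cannot elide (for example one that writes through a `volatile unsigned char *`) rather than plain memset. The call also passes `ctx->buf` unguarded: if it can be NULL when a context is freed without a successful read, wrap the wipe in `if( ctx->buf != NULL )`, since passing NULL to memset is undefined even with a zero length.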