mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-23 13:11:03 +00:00
update after Andres comments
Update after Andres coments: 1. zeroize the buffer in `mbedtls_pem_read_buffer()` before freeing it 2. use `mbedtls_zeroize()` instead of `memset()`
This commit is contained in:
parent
4dc8af77a9
commit
82a4b8186d
|
@ -331,7 +331,9 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
|||
|
||||
if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
|
||||
{
|
||||
mbedtls_zeroize( buf, len );
|
||||
mbedtls_free( buf );
|
||||
buf = NULL;
|
||||
return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
|
||||
}
|
||||
|
||||
|
@ -341,7 +343,9 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
|||
( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
|
||||
if( pwd == NULL )
|
||||
{
|
||||
mbedtls_zeroize( buf, len );
|
||||
mbedtls_free( buf );
|
||||
buf = NULL;
|
||||
return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
|
||||
}
|
||||
|
||||
|
@ -369,7 +373,9 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
|||
*/
|
||||
if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
|
||||
{
|
||||
mbedtls_zeroize( buf, len );
|
||||
mbedtls_free( buf );
|
||||
buf = NULL;
|
||||
return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH );
|
||||
}
|
||||
#else
|
||||
|
@ -387,7 +393,8 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
|||
|
||||
void mbedtls_pem_free( mbedtls_pem_context *ctx )
|
||||
{
|
||||
memset( ctx->buf, 0, ctx->buflen );
|
||||
if( ctx->buf )
|
||||
mbedtls_zeroize( ctx->buf, ctx->buflen );
|
||||
mbedtls_free( ctx->buf );
|
||||
mbedtls_free( ctx->info );
|
||||
|
||||
|
|
Loading…
Reference in a new issue