Zeroize heap buf on failure in pem.c

This commit is contained in:
Andres Amaya Garcia 2017-07-12 10:54:06 +01:00
parent a0ae1db2f7
commit f4660aaf4c

View file

@ -343,6 +343,7 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) ) ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
if( pwd == NULL ) if( pwd == NULL )
{ {
polarssl_zeroize( buf, len );
polarssl_free( buf ); polarssl_free( buf );
return( POLARSSL_ERR_PEM_PASSWORD_REQUIRED ); return( POLARSSL_ERR_PEM_PASSWORD_REQUIRED );
} }
@ -371,10 +372,12 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
*/ */
if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 ) if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
{ {
polarssl_zeroize( buf, len );
polarssl_free( buf ); polarssl_free( buf );
return( POLARSSL_ERR_PEM_PASSWORD_MISMATCH ); return( POLARSSL_ERR_PEM_PASSWORD_MISMATCH );
} }
#else #else
polarssl_zeroize( buf, len );
polarssl_free( buf ); polarssl_free( buf );
return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE ); return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE );
#endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC && #endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC &&