Set PEM buffer to zero before freeing it

Set PEM buffer to zero before freeing it, to avoid private keys being leaked to memory after releasing it.
2024-11-22 10:55:38 +01:00 · 2017-09-05 15:34:35 +03:00 · 2017-09-05 15:34:35 +03:00 · 31162e4423
commit 31162e4423
parent 72ea31b026
2 changed files with 7 additions and 0 deletions
--- a/6
+++ b/6
@ -1,5 +1,11 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 = mbed TLS x.x.x branch released xxxx-xx-xx
 Security
   * Set PEM buffer to zero before freeing it, to avoid decoded private keys
     being leaked to memory after release.
 = mbed TLS 2.6.0 branch released 2017-08-10
 Security
--- a/library/pem.c
+++ b/library/pem.c
@ -387,6 +387,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
 void mbedtls_pem_free( mbedtls_pem_context *ctx )
 {
    memset( ctx->buf, 0, ctx->buflen );
    mbedtls_free( ctx->buf );
    mbedtls_free( ctx->info );