From f148312db4580e835996ebf8ad60dfd1092a67d5 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <andres.amayagarcia@arm.com>
Date: Wed, 12 Jul 2017 10:21:30 +0100
Subject: [PATCH] Zeroize tmp buf on fail in load_file() dhm.c

---
 library/dhm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/dhm.c b/library/dhm.c
index 0a4f82028..6109e0a7a 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -532,7 +532,10 @@ static int load_file( const char *path, unsigned char **buf, size_t *n )
     if( fread( *buf, 1, *n, f ) != *n )
     {
         fclose( f );
+
+        polarssl_zeroize( *buf, *n + 1 );
         polarssl_free( *buf );
+
         return( POLARSSL_ERR_DHM_FILE_IO_ERROR );
     }