From ff13995812ce1d62e4bd3404b6af821ef92bc05f Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <andres.amayagarcia@arm.com>
Date: Wed, 12 Jul 2017 10:38:12 +0100
Subject: [PATCH] Zeroize return buf on failure in pkparse.c

---
 library/pkparse.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/pkparse.c b/library/pkparse.c
index 39c51f648..83c93baa4 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -98,7 +98,10 @@ int pk_load_file( const char *path, unsigned char **buf, size_t *n )
     if( fread( *buf, 1, *n, f ) != *n )
     {
         fclose( f );
+
+        polarssl_zeroize( *buf, *n );
         polarssl_free( *buf );
+
         return( POLARSSL_ERR_PK_FILE_IO_ERROR );
     }