Set PEM buffer to zero before freeing it

Set PEM buffer to zero before freeing it, to avoid private keys being leaked to memory after releasing it.
2025-07-29 11:41:15 +03:00 · 2017-09-05 15:34:35 +03:00
parent 72ea31b026
commit 31162e4423
2 changed files with 7 additions and 0 deletions
--- a/library/pem.c
+++ b/library/pem.c
@ -387,6 +387,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const

 void mbedtls_pem_free( mbedtls_pem_context *ctx )
 {
+    memset( ctx->buf, 0, ctx->buflen );
    mbedtls_free( ctx->buf );
    mbedtls_free( ctx->info );