diff options
author | jsing <> | 2017-05-06 21:34:13 +0000 |
---|---|---|
committer | jsing <> | 2017-05-06 21:34:13 +0000 |
commit | f800e2af932fc15fd1b0f859931d131037126b37 (patch) | |
tree | 23058cc0dc3e32f65d47aff1fb1db04425786d91 | |
parent | 7fdd55381849b52c576c091fe9567074a3b389be (diff) | |
download | openbsd-f800e2af932fc15fd1b0f859931d131037126b37.tar.gz openbsd-f800e2af932fc15fd1b0f859931d131037126b37.tar.bz2 openbsd-f800e2af932fc15fd1b0f859931d131037126b37.zip |
Use freezero() for the tls_load_file() failure case, since we're
potentially dealing with key material. Also switch a calloc to malloc,
since we immediately copy the same amount of data to the newly allocated
buffer.
Diffstat (limited to '')
-rw-r--r-- | src/lib/libtls/tls_util.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/libtls/tls_util.c b/src/lib/libtls/tls_util.c index 39504940cf..b7dd5ed472 100644 --- a/src/lib/libtls/tls_util.c +++ b/src/lib/libtls/tls_util.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: tls_util.c,v 1.7 2017/05/06 21:25:15 jsing Exp $ */ | 1 | /* $OpenBSD: tls_util.c,v 1.8 2017/05/06 21:34:13 jsing Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
4 | * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> | 4 | * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> |
@@ -114,7 +114,7 @@ tls_load_file(const char *name, size_t *len, char *password) | |||
114 | char *data; | 114 | char *data; |
115 | uint8_t *buf = NULL; | 115 | uint8_t *buf = NULL; |
116 | struct stat st; | 116 | struct stat st; |
117 | size_t size; | 117 | size_t size = 0; |
118 | int fd = -1; | 118 | int fd = -1; |
119 | ssize_t n; | 119 | ssize_t n; |
120 | 120 | ||
@@ -156,7 +156,7 @@ tls_load_file(const char *name, size_t *len, char *password) | |||
156 | goto fail; | 156 | goto fail; |
157 | if ((size = BIO_get_mem_data(bio, &data)) <= 0) | 157 | if ((size = BIO_get_mem_data(bio, &data)) <= 0) |
158 | goto fail; | 158 | goto fail; |
159 | if ((buf = calloc(1, size)) == NULL) | 159 | if ((buf = malloc(size)) == NULL) |
160 | goto fail; | 160 | goto fail; |
161 | memcpy(buf, data, size); | 161 | memcpy(buf, data, size); |
162 | 162 | ||
@@ -168,9 +168,9 @@ tls_load_file(const char *name, size_t *len, char *password) | |||
168 | return (buf); | 168 | return (buf); |
169 | 169 | ||
170 | fail: | 170 | fail: |
171 | free(buf); | ||
172 | if (fd != -1) | 171 | if (fd != -1) |
173 | close(fd); | 172 | close(fd); |
173 | freezero(buf, size); | ||
174 | BIO_free_all(bio); | 174 | BIO_free_all(bio); |
175 | EVP_PKEY_free(key); | 175 | EVP_PKEY_free(key); |
176 | 176 | ||