From 8e35141996b2cefdd01eda47240d4a410a88388e Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 8 Feb 2018 10:03:19 +0000
Subject: Ensure that tls_keypair_clear() clears the OCSP staple and pubkey
 hash.

---
 src/lib/libtls/tls_keypair.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/lib/libtls/tls_keypair.c b/src/lib/libtls/tls_keypair.c
index 2ab584bbcd..57068047de 100644
--- a/src/lib/libtls/tls_keypair.c
+++ b/src/lib/libtls/tls_keypair.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_keypair.c,v 1.2 2018/02/08 08:09:10 jsing Exp $ */
+/* $OpenBSD: tls_keypair.c,v 1.3 2018/02/08 10:03:19 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -90,6 +90,10 @@ tls_keypair_clear(struct tls_keypair *keypair)
 {
 	tls_keypair_set_cert_mem(keypair, NULL, 0);
 	tls_keypair_set_key_mem(keypair, NULL, 0);
+	tls_keypair_set_ocsp_staple_mem(keypair, NULL, 0);
+
+	free(keypair->pubkey_hash);
+	keypair->pubkey_hash = NULL;
 }
 
 void
@@ -100,11 +104,6 @@ tls_keypair_free(struct tls_keypair *keypair)
 
 	tls_keypair_clear(keypair);
 
-	free(keypair->cert_mem);
-	free(keypair->key_mem);
-	free(keypair->ocsp_staple);
-	free(keypair->pubkey_hash);
-
 	free(keypair);
 }
 
-- 
cgit v1.2.3-55-g6feb