From 9de3d8792242bda77ba3697a6a7a20f531f70671 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sat, 6 May 2017 21:34:13 +0000 Subject: Use freezero() for the tls_load_file() failure case, since we're potentially dealing with key material. Also switch a calloc to malloc, since we immediately copy the same amount of data to the newly allocated buffer. --- src/lib/libtls/tls_util.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libtls/tls_util.c b/src/lib/libtls/tls_util.c index 39504940cf..b7dd5ed472 100644 --- a/src/lib/libtls/tls_util.c +++ b/src/lib/libtls/tls_util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_util.c,v 1.7 2017/05/06 21:25:15 jsing Exp $ */ +/* $OpenBSD: tls_util.c,v 1.8 2017/05/06 21:34:13 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * Copyright (c) 2015 Reyk Floeter @@ -114,7 +114,7 @@ tls_load_file(const char *name, size_t *len, char *password) char *data; uint8_t *buf = NULL; struct stat st; - size_t size; + size_t size = 0; int fd = -1; ssize_t n; @@ -156,7 +156,7 @@ tls_load_file(const char *name, size_t *len, char *password) goto fail; if ((size = BIO_get_mem_data(bio, &data)) <= 0) goto fail; - if ((buf = calloc(1, size)) == NULL) + if ((buf = malloc(size)) == NULL) goto fail; memcpy(buf, data, size); @@ -168,9 +168,9 @@ tls_load_file(const char *name, size_t *len, char *password) return (buf); fail: - free(buf); if (fd != -1) close(fd); + freezero(buf, size); BIO_free_all(bio); EVP_PKEY_free(key); -- cgit v1.2.3-55-g6feb