Cleanse the key log buffer.

author Pauli <paul.dale@oracle.com>

Mon, 5 Nov 2018 01:04:23 +0000 (11:04 +1000)

committer Pauli <paul.dale@oracle.com>

Mon, 5 Nov 2018 21:08:30 +0000 (07:08 +1000)
author Pauli <paul.dale@oracle.com>
Mon, 5 Nov 2018 01:04:23 +0000 (11:04 +1000)
committer Pauli <paul.dale@oracle.com>
Mon, 5 Nov 2018 21:08:30 +0000 (07:08 +1000)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index ec5b1554f7cc47c20fa6d8344760b395ec5b8912..96b3ed0860733752dc4d1f0f26a3227535c82290 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -5117,7 +5117,7 @@ static int nss_keylog_int(const char *prefix,
       * hexadecimal, so we need a buffer that is twice their lengths.
       */
      prefix_len = strlen(prefix);
-    out_len = prefix_len + (2*parameter_1_len) + (2*parameter_2_len) + 3;
+    out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
      if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
          SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT,
                   ERR_R_MALLOC_FAILURE);
@@ -5141,7 +5141,7 @@ static int nss_keylog_int(const char *prefix,
      *cursor = '\0';
  
      ssl->ctx->keylog_callback(ssl, (const char *)out);
-    OPENSSL_free(out);
+    OPENSSL_clear_free(out, out_len);
      return 1;
  
  }
author	Pauli <paul.dale@oracle.com>
	Mon, 5 Nov 2018 01:04:23 +0000 (11:04 +1000)
committer	Pauli <paul.dale@oracle.com>
	Mon, 5 Nov 2018 21:08:30 +0000 (07:08 +1000)