From: Pauli <paul.dale@oracle.com>
Date: Mon, 5 Nov 2018 01:04:23 +0000 (+1000)
Subject: Cleanse the key log buffer.
X-Git-Tag: openssl-3.0.0-alpha1~2942
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=e931f370aa38d8645b35fb8d6260cb44d37b6b61;p=oweals%2Fopenssl.git

Cleanse the key log buffer.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7564)
---

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 846b856af4..485e17e73b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -5115,7 +5115,7 @@ static int nss_keylog_int(const char *prefix,
      * hexadecimal, so we need a buffer that is twice their lengths.
      */
     prefix_len = strlen(prefix);
-    out_len = prefix_len + (2*parameter_1_len) + (2*parameter_2_len) + 3;
+    out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
     if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
         SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT,
                  ERR_R_MALLOC_FAILURE);
@@ -5139,7 +5139,7 @@ static int nss_keylog_int(const char *prefix,
     *cursor = '\0';
 
     ssl->ctx->keylog_callback(ssl, (const char *)out);
-    OPENSSL_free(out);
+    OPENSSL_clear_free(out, out_len);
     return 1;
 
 }