From b7d7a6be3a81989c30e9498db6d883a839184f9c Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 11 Jul 2023 11:44:35 +0200
Subject: [PATCH] pki: Make sure to wipe decrypted PKCS#7 data

---
 src/pki/commands/pkcs7.c | 3 +--
 src/pki/commands/scep.c  | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/pki/commands/pkcs7.c b/src/pki/commands/pkcs7.c
index 8d3528fdc1..074beeab51 100644
--- a/src/pki/commands/pkcs7.c
+++ b/src/pki/commands/pkcs7.c
@@ -235,8 +235,7 @@ static int decrypt(chunk_t chunk)
 	container->destroy(container);
 
 	write_to_stream(stdout, data);
-	free(data.ptr);
-
+	chunk_clear(&data);
 	return 0;
 }
 
diff --git a/src/pki/commands/scep.c b/src/pki/commands/scep.c
index f5cc93084d..a1f0530a99 100644
--- a/src/pki/commands/scep.c
+++ b/src/pki/commands/scep.c
@@ -587,7 +587,7 @@ end:
 	if (status == 0)
 	{
 		status = pki_cert_extract_cert(data, form) ? 0 : 1;
-		chunk_free(&data);
+		chunk_clear(&data);
 	}
 
 err:
-- 
2.47.2