From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 30 Sep 2021 10:03:42 +0000 (+0200)
Subject: pem: Clear chunks after decrypting files
X-Git-Tag: 5.9.4dr3~10
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=66e80f3d1bcdb2182261101da54c87a1a085bce1;p=thirdparty%2Fstrongswan.git

pem: Clear chunks after decrypting files
---

diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c
index 3b84eb7eaf..9ca96a4d21 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -147,7 +147,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
 	}
 	crypter->destroy(crypter);
 	memcpy(blob->ptr, decrypted.ptr, blob->len);
-	chunk_free(&decrypted);
+	chunk_clear(&decrypted);
 
 	/* determine amount of padding */
 	last_padding_pos = blob->ptr + blob->len - 1;
@@ -354,7 +354,7 @@ static status_t pem_to_bin(chunk_t *blob, bool *pgp)
 			memcpy(blob->ptr, chunk.ptr, chunk.len);
 			blob->len = chunk.len;
 		}
-		free(chunk.ptr);
+		chunk_clear(&chunk);
 		if (status != INVALID_ARG)
 		{	/* try again only if passphrase invalid */
 			break;