authorjsing <jsing@openbsd.org>2017-05-06 21:34:13 +0000
committerjsing <jsing@openbsd.org>2017-05-06 21:34:13 +0000
commit54356a5d711c8d80e4edec59da532ab29b95e04d (patch)
tree322f1c80daa65713fd63dee149d51c6bde3f0605 /lib/libtls/tls_util.c
parentBIO_free_all() and EVP_PKEY_free() can be called with NULL. (diff)
Use freezero() for the tls_load_file() failure case, since we're
potentially dealing with key material. Also switch a calloc to malloc, since we immediately copy the same amount of data to the newly allocated buffer.
Diffstat (limited to 'lib/libtls/tls_util.c')
-rw-r--r--lib/libtls/tls_util.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/libtls/tls_util.c b/lib/libtls/tls_util.c
index 39504940cf6..b7dd5ed472c 100644
--- a/lib/libtls/tls_util.c
+++ b/lib/libtls/tls_util.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_util.c,v 1.7 2017/05/06 21:25:15 jsing Exp $ */
+/* $OpenBSD: tls_util.c,v 1.8 2017/05/06 21:34:13 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -114,7 +114,7 @@ tls_load_file(const char *name, size_t *len, char *password)
char *data;
uint8_t *buf = NULL;
struct stat st;
- size_t size;
+ size_t size = 0;
int fd = -1;
ssize_t n;
@@ -156,7 +156,7 @@ tls_load_file(const char *name, size_t *len, char *password)
goto fail;
if ((size = BIO_get_mem_data(bio, &data)) <= 0)
goto fail;
- if ((buf = calloc(1, size)) == NULL)
+ if ((buf = malloc(size)) == NULL)
goto fail;
memcpy(buf, data, size);
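Review bot: The `<= 0` test on the BIO_get_mem_data() result cannot catch a negative return, because the value is first stored in `size`, which is a `size_t`, so only zero is rejected. BIO_get_mem_data() yields a `long`, and an error value would wrap to a very large length that then reaches `malloc(size)` and `memcpy(buf, data, size)`. Holding the result in a signed temporary before converting closes this: `long dlen = BIO_get_mem_data(bio, &data);`, `if (dlen <= 0) goto fail;`, `size = (size_t)dlen;`. tls_load_file's body starts and ends outside this hunk.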
@@ -168,9 +168,9 @@ tls_load_file(const char *name, size_t *len, char *password)
return (buf);
fail:
- free(buf);
if (fd != -1)
close(fd);
+ freezero(buf, size);
BIO_free_all(bio);
EVP_PKEY_free(key);
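Review bot: `freezero(buf, size)` at the `fail:` label is only correct if `size` is the allocated length of `buf` on every path that jumps here with `buf` non-NULL, and nothing in the code states that invariant. The `size = 0` initialiser added in the earlier hunk covers jumps taken before any allocation, but the file-read path that also sets `size` lies outside the visible hunks, so this should be confirmed against the full function. A comment above the call would protect the invariant from later edits, for example `/* buf may hold key material; size must equal its allocated length. */`. The zeroing covers only `buf`; whether the decrypted key bytes held in `bio` are cleared by `BIO_free_all()` is not visible here.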