From 2d829fb4b367427749727aeabb1bbfbd0f244567 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <andres.amayagarcia@arm.com>
Date: Wed, 12 Jul 2017 11:01:32 +0100
Subject: [PATCH] Zeroize buf if mbedtls_base64_decode() fails

---
 library/pem.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/library/pem.c b/library/pem.c
index 611c788fdc..789a92d511 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -333,6 +333,7 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
 
     if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 )
     {
+        polarssl_zeroize( buf, len );
         polarssl_free( buf );
         return( POLARSSL_ERR_PEM_INVALID_DATA + ret );
     }