From c0dc5b5d3b2d91d868a3ff7822e46192acc90ed8 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 10:56:39 +0100 Subject: [PATCH] Zeroize tmp buf in ctr_drbg_write_seed_file() --- library/ctr_drbg.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index fe7fb27ae7..f66064ff4f 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -406,9 +406,9 @@ int ctr_drbg_write_seed_file( ctr_drbg_context *ctx, const char *path ) else ret = 0; +exit: polarssl_zeroize( buf, sizeof( buf ) ); -exit: fclose( f ); return( ret ); } @@ -428,8 +428,12 @@ int ctr_drbg_update_seed_file( ctr_drbg_context *ctx, const char *path ) fseek( f, 0, SEEK_SET ); if( n > CTR_DRBG_MAX_INPUT ) - ret = POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG; - else if( fread( buf, 1, n, f ) != n ) + { + fclose( f ); + return( POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG ); + } + + if( fread( buf, 1, n, f ) != n ) ret = POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR; else ctr_drbg_update( ctx, buf, n );