cleanse psk_identity on error

Reviewed-by: Matt Caswell <matt@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-07-28 16:13:29 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2015-07-30 14:55:34 +0100
commit: 3df16cc2e27f75eac2c0991248b0c294e2c847b5 (patch)
tree: 97e60a2d66fe22324772d1bc1250bbd82b797a11 /ssl
parent: a784665e52735f77a64d01216d7535834278c27c (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index d5bcf54280..080dbf0f18 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2391,8 +2391,10 @@ int ssl3_send_client_key_exchange(SSL *s)
             s->s3->tmp.psk = BUF_memdup(psk, psklen);
             OPENSSL_cleanse(psk, psklen);
 
-            if (s->s3->tmp.psk == NULL)
+            if (s->s3->tmp.psk == NULL) {
+                OPENSSL_cleanse(identity, sizeof(identity));
                 goto memerr;
+            }
 
             s->s3->tmp.psklen = psklen;
 
@@ -2404,8 +2406,10 @@ int ssl3_send_client_key_exchange(SSL *s)
             }
             OPENSSL_free(s->session->psk_identity);
             s->session->psk_identity = BUF_strdup(identity);
-            if (s->session->psk_identity == NULL)
+            if (s->session->psk_identity == NULL) {
+                OPENSSL_cleanse(identity, sizeof(identity));
                 goto memerr;
+            }
 
             s2n(identitylen, p);
             memcpy(p, identity, identitylen);
author	Dr. Stephen Henson <steve@openssl.org>	2015-07-28 16:13:29 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2015-07-30 14:55:34 +0100
commit	3df16cc2e27f75eac2c0991248b0c294e2c847b5 (patch)
tree	97e60a2d66fe22324772d1bc1250bbd82b797a11 /ssl
parent	a784665e52735f77a64d01216d7535834278c27c (diff)