Diffstat (limited to 'openpgp/src/crypto/mem.rs')
-rw-r--r--openpgp/src/crypto/mem.rs9
1 files changed, 7 insertions, 2 deletions
diff --git a/openpgp/src/crypto/mem.rs b/openpgp/src/crypto/mem.rs
index 972e9a70..f8a963f0 100644
--- a/openpgp/src/crypto/mem.rs
+++ b/openpgp/src/crypto/mem.rs
@@ -339,9 +339,14 @@ mod has_access_to_prekey {
Self::sealing_key(&self.salt),
Box::new(ciphertext))
.expect("Mandatory algorithm unsupported");
- io::copy(&mut decryptor, &mut plaintext)
- .expect("Encrypted memory modified or corrupted");
+
+ // Be careful not to leak partially decrypted plain text.
+ let r = io::copy(&mut decryptor, &mut plaintext);
let plaintext: Protected = plaintext.into();
+ if r.is_err() {
+ drop(plaintext); // Securely erase partial plaintext.
+ panic!("Encrypted memory modified or corrupted");
+ }
fun(&plaintext)
}
}
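Review bot: The explicit `drop(plaintext)` before `panic!` does not say why it is needed; under unwinding the `Protected` would be dropped anyway, so the call matters mainly when the crate is built with `panic = "abort"`, where destructors do not run. I would put that in the comment, e.g. `// Drop explicitly: with panic=abort no destructor runs after panic!, so erase now.` Separately, the erasure covers only the converted `Protected`. The buffer that `io::copy` fills is declared outside this hunk; if it is a growable `Vec<u8>`, reallocations during the copy could leave unerased partial plaintext in freed heap memory, and `decryptor` is still live at the panic, so both are worth confirming. The enclosing function starts outside the hunk.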