diff options
author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2023-02-23 10:10:49 -0500 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2023-02-23 10:15:21 -0500 |
commit | 4dd8a85bd508c04fbb5f7f0d7ee558a6814e2b0a (patch) | |
tree | dbfaba75fd1dd76e998affd9238434d754f3d7ba | |
parent | b8563185df00693514ad4c5c4883b67049e96ea5 (diff) | |
download | openssl_tpm2_engine-4dd8a85bd508c04fbb5f7f0d7ee558a6814e2b0a.tar.gz |
Fix memory leak of key authorization
The engine never actually frees the memory allocated by the password
input routines. This is not only a memory leak, but also a potential
sensitive data leak, so fix this by doing a clear_free in the teardown
routines if app_data->auth was set.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | tpm2-common.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/tpm2-common.c b/tpm2-common.c index 1184d5a..17159ab 100644 --- a/tpm2-common.c +++ b/tpm2-common.c @@ -1921,6 +1921,9 @@ void tpm2_delete(struct app_data *app_data) OPENSSL_free(app_data->priv); OPENSSL_free(app_data->pub); + if (app_data->auth) + OPENSSL_clear_free(app_data->auth, strlen(app_data->auth)); + tpm2_rm_keyfile(app_data->dir, app_data->parent); /* if key was nv key, flush may not have removed file */ tpm2_rm_keyfile(app_data->dir, app_data->key); |