Only zero sensitive information on destruction (and memory actually allocated by us)

1 files changed, 21 insertions, 7 deletions

diff --git a/src/transports/cred.c b/src/transports/cred.c
index 05090ba8a..913ec36cc 100644
--- a/src/transports/cred.c
+++ b/src/transports/cred.c
@@ -30,7 +30,6 @@ static void plaintext_free(struct git_cred *cred)
 		git__free(c->password);
 	}
 
-	git__memzero(c, sizeof(*c));
 	git__free(c);
 }
 
@@ -73,8 +72,13 @@ static void ssh_key_free(struct git_cred *cred)
 		(git_cred_ssh_key *)cred;
 
 	git__free(c->username);
-	git__free(c->publickey);
-	git__free(c->privatekey);
+
+	if (c->privatekey) {
+		/* Zero the memory which previously held the private key */
+		size_t key_len = strlen(c->privatekey);
+		git__memzero(c->privatekey, key_len);
+		git__free(c->privatekey);
+	}
 
 	if (c->passphrase) {
 		/* Zero the memory which previously held the passphrase */
@@ -83,7 +87,13 @@ static void ssh_key_free(struct git_cred *cred)
 		git__free(c->passphrase);
 	}
 
-	git__memzero(c, sizeof(*c));
+	if (c->publickey) {
+		/* Zero the memory which previously held the public key */
+		size_t key_len = strlen(c->publickey);
+		git__memzero(c->publickey, key_len);
+		git__free(c->publickey);
+	}
+
 	git__free(c);
 }
 
@@ -93,7 +103,6 @@ static void ssh_interactive_free(struct git_cred *cred)
 
 	git__free(c->username);
 
-	git__memzero(c, sizeof(*c));
 	git__free(c);
 }
 
@@ -102,9 +111,14 @@ static void ssh_custom_free(struct git_cred *cred)
 	git_cred_ssh_custom *c = (git_cred_ssh_custom *)cred;
 
 	git__free(c->username);
-	git__free(c->publickey);
 
-	git__memzero(c, sizeof(*c));
+	if (c->publickey) {
+		/* Zero the memory which previously held the publickey */
+		size_t key_len = strlen(c->publickey);
+		git__memzero(c->publickey, key_len);
+		git__free(c->publickey);
+	}
+
 	git__free(c);
 }