authorGlenn Strauss <gstrauss@gluelogic.com>2021-01-17 14:52:12 -0500
committerGlenn Strauss <gstrauss@gluelogic.com>2021-01-17 14:52:12 -0500
commit755f895b797a284ed7e0be76f48cf1388928cb6f (patch)
tree323f380148c12f58b3f59d7ed6d0afb7f143cd3a
parenta16488269d9307f2885dd7614a61dffbdc79362b (diff)
downloadlighttpd-git-755f895b797a284ed7e0be76f48cf1388928cb6f.tar.gz
[mod_wolfssl] wipe ssl_pemfile_pkey before free()
-rw-r--r--src/mod_wolfssl.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/src/mod_wolfssl.c b/src/mod_wolfssl.c
index 0dbda920..2435a91a 100644
--- a/src/mod_wolfssl.c
+++ b/src/mod_wolfssl.c
@@ -566,6 +566,8 @@ mod_openssl_free_config (server *srv, plugin_data * const p)
case 0: /* ssl.pemfile */
if (cpv->vtype == T_CONFIG_LOCAL) {
plugin_cert *pc = cpv->v.v;
+ wolfSSL_OPENSSL_cleanse(pc->ssl_pemfile_pkey->ptr,
+ pc->ssl_pemfile_pkey->size);
buffer_free(pc->ssl_pemfile_pkey);
/*buffer_free(pc->ssl_pemfile_x509);*//*(part of chain)*/
mod_wolfssl_free_der_certs(pc->ssl_pemfile_chain);
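Review bot: The added wipe dereferences `pc->ssl_pemfile_pkey` with no NULL check, right before `buffer_free(pc->ssl_pemfile_pkey)`, while the other two hunks in this commit guard the same pattern with `if (pkey)` and `if (ssl_pemfile_pkey)`. If a `plugin_cert` can reach this cleanup path without a private-key buffer (not visible from here), the new line would fault at config teardown where the old code presumably tolerated NULL. A guarded form would be `if (pc->ssl_pemfile_pkey) wolfSSL_OPENSSL_cleanse(pc->ssl_pemfile_pkey->ptr, pc->ssl_pemfile_pkey->size);`. The enclosing switch in mod_openssl_free_config starts and ends outside the hunk.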
@@ -744,7 +746,10 @@ mod_wolfssl_evp_pkey_load_pem_file (const char *fn, log_error_st *errh)
if (rc < 0) {
log_error(errh, __FILE__, __LINE__, "%s() %s", __func__, fn);
- buffer_free(pkey);
+ if (pkey) {
+ wolfSSL_OPENSSL_cleanse(pkey->ptr, pkey->size)
+ buffer_free(pkey);
+ }
return NULL;
}
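Review bot: The added `wolfSSL_OPENSSL_cleanse(pkey->ptr, pkey->size)` line has no terminating semicolon, so the error path in mod_wolfssl_evp_pkey_load_pem_file will not compile as written; the same omission appears in the mod_openssl_acme_tls_1 hunk. It should read `wolfSSL_OPENSSL_cleanse(pkey->ptr, pkey->size);`. Since the point of the change is to keep private-key bytes from lingering in freed heap memory, a build that actually compiles mod_wolfssl should be part of verifying it. The function body continues outside the hunk, so whether other copies of the key material are wiped on the success path cannot be judged from here.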
@@ -1683,7 +1688,10 @@ mod_openssl_acme_tls_1 (SSL *ssl, handler_ctx *hctx)
rc = SSL_TLSEXT_ERR_OK;
} while (0);
- if (ssl_pemfile_pkey) buffer_free(ssl_pemfile_pkey);
+ if (ssl_pemfile_pkey) {
+ wolfSSL_OPENSSL_cleanse(b->ptr, b->size)
+ buffer_free(ssl_pemfile_pkey);
+ }
/*if (ssl_pemfile_x509) buffer_free(ssl_pemfile_x509);*//*(part of chain)*/
mod_wolfssl_free_der_certs(ssl_pemfile_chain);
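Review bot: The wipe in this hunk is applied to `b`, not to `ssl_pemfile_pkey`, which is the buffer the surrounding `if` tests and then frees. `b` is not declared in the visible lines: if it names another buffer in mod_openssl_acme_tls_1, the private key is freed unwiped and an unrelated buffer is zeroed (or NULL is dereferenced); if it is not in scope, the file does not build. The line should be `wolfSSL_OPENSSL_cleanse(ssl_pemfile_pkey->ptr, ssl_pemfile_pkey->size);`, which also restores the missing semicolon. The function starts outside the hunk.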