From: Dr. Stephen Henson
Date: Tue, 28 Jul 2015 15:13:29 +0000 (+0100)
Subject: cleanse psk_identity on error
X-Git-Tag: OpenSSL_1_1_0-pre1~875
X-Git-Url: https://git.openssl.org/gitweb/?a=commitdiff_plain;h=3df16cc2e27f75eac2c0991248b0c294e2c847b5;hp=a784665e52735f77a64d01216d7535834278c27c;p=openssl.git
cleanse psk_identity on error
Reviewed-by: Matt Caswell
---
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index d5bcf54280..080dbf0f18 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2391,8 +2391,10 @@ int ssl3_send_client_key_exchange(SSL *s)
 s->s3->tmp.psk = BUF_memdup(psk, psklen);
 OPENSSL_cleanse(psk, psklen);
- if (s->s3->tmp.psk == NULL)
+ if (s->s3->tmp.psk == NULL) {
+ OPENSSL_cleanse(identity, sizeof(identity));
 goto memerr;
+ }
 s->s3->tmp.psklen = psklen;
@@ -2404,8 +2406,10 @@ int ssl3_send_client_key_exchange(SSL *s)
 }
 OPENSSL_free(s->session->psk_identity);
 s->session->psk_identity = BUF_strdup(identity);
- if (s->session->psk_identity == NULL)
+ if (s->session->psk_identity == NULL) {
+ OPENSSL_cleanse(identity, sizeof(identity));
 goto memerr;
+ }
 s2n(identitylen, p);
 memcpy(p, identity, identitylen);
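Review bot: The wipe of `identity` is open-coded at each failure site (before `goto memerr` in this hunk and again in the second hunk), so every exit from the PSK branch has to remember it; the success path after `memcpy(p, identity, identitylen)` and any other `goto` in this branch lie outside both hunks, as do the start and end of ssl3_send_client_key_exchange, and should be checked for the same call. `sizeof(identity)` clears the whole buffer only if `identity` is declared as an array in this scope, which the hunks do not show. On the second failure path the copy made by `BUF_memdup(psk, psklen)` presumably still sits in `s->s3->tmp.psk`, so `memerr` (not visible here) needs to cleanse and free it, or the site should do so itself. A comment at the declaration such as `/* wiped with OPENSSL_cleanse on every exit from the PSK branch */` would make the rule visible, and a single cleanup point after the PSK block would remove the duplication.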