Merge pull request #371 from cconlon/sniffer-fix

Extra cleanup in sniffer.c with ForceZero
2016-04-01 13:39:29 -07:00
parent 63b1282e67 2939c3ace1
commit 29194bd977
3 changed files with 21 additions and 2 deletions
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -1082,6 +1082,7 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
                ret = 0;
        }

+        ForceZero(loadBuf, (word32)fileSz);
        free(loadBuf);

        *keyBuf = saveBuf;
@@ -3093,6 +3094,7 @@ doPart:
                         * wants to null terminate plaintext */
                        tmpData = (byte*)realloc(*data, decoded + ret + 1);
                        if (tmpData == NULL) {
+                            ForceZero(*data, decoded);
                            free(*data);
                            *data = NULL;
                            SetError(MEMORY_STR, error, session,
@@ -3243,10 +3245,23 @@ int ssl_DecodePacket(const byte* packet, int length, byte** data, char* error)
 /* Deallocator for the decoded data buffer. */
 /* returns 0 on success, -1 on error */
 int ssl_FreeDecodeBuffer(byte** data, char* error)
+{
+    return ssl_FreeZeroDecodeBuffer(data, 0, error);
+}
+
+
+/* Deallocator for the decoded data buffer, zeros out buffer. */
+/* returns 0 on success, -1 on error */
+int ssl_FreeZeroDecodeBuffer(byte** data, int sz, char* error)
 {
    (void)error;

+    if (sz < 0) {
+        return -1;
+    }
+
    if (data != NULL) {
+        ForceZero(*data, (word32)sz);
        free(*data);
        *data = NULL;
    }
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -314,7 +314,7 @@ int main(int argc, char** argv)
            if (ret > 0) {
                data[ret] = 0;
                printf("SSL App Data(%d:%d):%s\n", packetNumber, ret, data);
-                ssl_FreeDecodeBuffer(&data, err);
+                ssl_FreeZeroDecodeBuffer(&data, ret, err);
            }
        }
        else if (saveFile)
--- a/wolfssl/sniffer.h
+++ b/wolfssl/sniffer.h
@@ -62,6 +62,10 @@ SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length,
 WOLFSSL_API
 SSL_SNIFFER_API int ssl_FreeDecodeBuffer(unsigned char** data, char* error);

+WOLFSSL_API
+SSL_SNIFFER_API int ssl_FreeZeroDecodeBuffer(unsigned char** data, int sz,
+                                             char* error);
+
 WOLFSSL_API
 SSL_SNIFFER_API int ssl_Trace(const char* traceFile, char* error);