From 2939c3ace1147b7cb0c3e9a03e87e7591919a8d1 Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Thu, 31 Mar 2016 13:25:39 -0600
Subject: [PATCH] add ssl_FreeZeroDecode() to sniffer.c
---
src/sniffer.c | 13 +++++++++++++
sslSniffer/sslSnifferTest/snifftest.c | 4 ++--
wolfssl/sniffer.h | 4 ++++
3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/src/sniffer.c b/src/sniffer.c
index 783003cde..4a9f18570 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -3245,10 +3245,23 @@ int ssl_DecodePacket(const byte* packet, int length, byte** data, char* error) /* Deallocator for the decoded data buffer. */ /* returns 0 on success, -1 on error */ int ssl_FreeDecodeBuffer(byte** data, char* error) +{ + return ssl_FreeZeroDecodeBuffer(data, 0, error); +} + + +/* Deallocator for the decoded data buffer, zeros out buffer. */ +/* returns 0 on success, -1 on error */ +int ssl_FreeZeroDecodeBuffer(byte** data, int sz, char* error) { (void)error; + if (sz < 0) { + return -1; + } + if (data != NULL) { + ForceZero(*data, (word32)sz); free(*data); *data = NULL; }
diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index 58881498a..5e7757bde 100644
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -313,8 +313,8 @@ int main(int argc, char** argv) } if (ret > 0) { data[ret] = 0; - printf("SSL App Data(%d:%d):%s\n", packetNumber, ret, data); - ssl_FreeDecodeBuffer(&data, err); + printf("SSL App Data(%d:%d):%s\n", packetNumber, ret, data); + ssl_FreeZeroDecodeBuffer(&data, ret, err); } } else if (saveFile)
diff --git a/wolfssl/sniffer.h b/wolfssl/sniffer.h
index 57d144fa6..9773f7987 100644
--- a/wolfssl/sniffer.h
+++ b/wolfssl/sniffer.h
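Review bot: In `ssl_FreeZeroDecodeBuffer` (src/sniffer.c hunk), `ForceZero(*data, (word32)sz)` runs whenever `data != NULL`, without checking that `*data` itself is non-NULL. The old path only called `free(*data)`, which tolerates NULL, but a NULL buffer with a positive `sz` would now be written through, assuming `ForceZero` stores `sz` bytes at the pointer; `if (*data != NULL) ForceZero(*data, (word32)sz);` keeps the earlier tolerance. `sz` is also taken on trust as the buffer length, so a value larger than the allocation would write zeros past its end and a smaller one leaves decrypted bytes behind; the comment above the function should state that `sz` must not exceed the decoded buffer's size. The early `return -1` for a negative `sz` leaves the buffer both allocated and unzeroed, which matters for callers that discard the result, as the snifftest.c call in this patch does. The function body continues past the end of the hunk.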
@@ -62,6 +62,10 @@ SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length, WOLFSSL_API SSL_SNIFFER_API int ssl_FreeDecodeBuffer(unsigned char** data, char* error); +WOLFSSL_API +SSL_SNIFFER_API int ssl_FreeZeroDecodeBuffer(unsigned char** data, int sz, + char* error); + WOLFSSL_API SSL_SNIFFER_API int ssl_Trace(const char* traceFile, char* error);
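Review bot: The new public prototype `ssl_FreeZeroDecodeBuffer` has no comment describing `sz`, and the header is where a caller will look for the contract. Going by the implementation in src/sniffer.c, `sz` bytes are zeroed before the free and a negative `sz` returns -1 without freeing, so I would add above the declaration: `/* Zeroes sz bytes of *data, then frees it and sets *data to NULL. sz must not exceed the buffer's length; a negative sz returns -1 and frees nothing. */`. It is also worth noting next to `ssl_FreeDecodeBuffer` that it passes a size of 0 and therefore does not zero the buffer, so callers handling decrypted application data know which of the two to use.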