From 9790719955f666ef3febf57454f5a27238ba949d Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 17 Apr 2026 16:46:43 +0200 Subject: [PATCH] Zeroize sniffer watch key buffer before free F-2143 ssl_SetWatchKey_file loaded a private key file into a heap buffer and freed it without ForceZero on both error and success paths. Zeroize before XFREE. --- src/sniffer.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/sniffer.c b/src/sniffer.c index e8664721b1..6c5eba0b14 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -7242,12 +7242,16 @@ int ssl_SetWatchKey_file(void* vSniffer, const char* keyFile, int keyType, ret = LoadKeyFile(&keyBuf, &keyBufSz, keyFile, 0, keyType, password); if (ret < 0) { SetError(KEY_FILE_STR, error, NULL, 0); + if (keyBuf != NULL) { + ForceZero(keyBuf, keyBufSz); + } XFREE(keyBuf, NULL, DYNAMIC_TYPE_X509); return WOLFSSL_FATAL_ERROR; } ret = ssl_SetWatchKey_buffer(vSniffer, keyBuf, keyBufSz, FILETYPE_DER, error); + ForceZero(keyBuf, keyBufSz); XFREE(keyBuf, NULL, DYNAMIC_TYPE_X509); return ret;