Add zeroization in wolfSSH_ProcessBuffer

padelsbach · ejohnstown · commit 90c0ee6a7cde · 2026-04-21T16:25:12.000-07:00
diff --git a/src/internal.c b/src/internal.c
@@ -2418,6 +2418,11 @@ int wolfSSH_ProcessBuffer(WOLFSSH_CTX* ctx,
         else
             ret = wc_CertPemToDer(in, inSz, der, inSz, wcType);
         if (ret < 0) {
+            if (type == BUFTYPE_PRIVKEY) {
+                /* wc_KeyPemToDer may have written partial key material;
+                 * zeroize before free on the private-key path. */
+                ForceZero(der, inSz);
+            }
             WFREE(der, heap, dynamicType);
             return WS_BAD_FILE_E;
         }
@@ -2433,8 +2438,10 @@ int wolfSSH_ProcessBuffer(WOLFSSH_CTX* ctx,
     if (type == BUFTYPE_PRIVKEY) {
         ret = IdentifyAsn1Key(der, derSz, 1, ctx->heap, NULL);
         if (ret < 0) {
-            if (der != NULL)
+            if (der != NULL) {
+                ForceZero(der, derSz);
                 WFREE(der, heap, dynamicType);
+            }
             return ret;
         }
         keyId = (byte)ret;
