From 0c9a06b9555bf48b07f5d69ec78ac835510676cf Mon Sep 17 00:00:00 2001
From: Ismael Luceno <ismael@iodev.co.uk>
Date: Mon, 18 Apr 2022 19:04:44 +0200
Subject: [PATCH 2/5] Fix cleanup of shared secret

Signed-off-by: Ismael Luceno <ismael@iodev.co.uk>
---
 vpnc.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/vpnc.c b/vpnc.c
index 39eb40e86fa5..8bb52f95a96f 100644
--- a/vpnc.c
+++ b/vpnc.c
@@ -1899,7 +1899,7 @@ static void do_phase1_am(const char *key_id, const char *shared_key, struct sa_b
 			gcry_md_close(hm);
 			hex_dump("skeyid_e", skeyid_e, s->ike.md_len, NULL);
 
-			memset(dh_shared_secret, 0, sizeof(dh_shared_secret));
+			memset(dh_shared_secret, 0, dh_getlen(dh_grp));
 			free(dh_shared_secret);
 
 			/* Determine the IKE encryption key.  */
@@ -2095,6 +2095,7 @@ static void do_phase1_am(const char *key_id, const char *shared_key, struct sa_b
 #endif
 	free(returned_hash);
 	free(dh_public);
+	memset(dh_shared_secret, 0, dh_getlen(dh_grp));
 	free(dh_shared_secret);
 	free(psk_hash);
 	group_free(dh_grp);
@@ -2856,9 +2857,11 @@ static void do_phase2_qm(struct sa_block *s)
 			dh_shared_secret, dh_grp ? dh_getlen(dh_grp) : 0,
 			nonce_i, sizeof(nonce_i), nonce_r->u.nonce.data, nonce_r->u.nonce.length);
 		
-		if (dh_grp)
+		if (dh_grp) {
+			memset(dh_shared_secret, 0, dh_getlen(dh_grp));
+			free(dh_shared_secret);
 			group_free(dh_grp);
-		free(dh_shared_secret);
+		}
 		free_isakmp_packet(r);
 		
 		if ((opt_natt_mode == NATT_CISCO_UDP) && s->ipsec.peer_udpencap_port) {
-- 
2.35.3