From c1c32bda14cbcf140b9a45deb59248acb5d79c06 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Fri, 31 Aug 2018 16:52:33 +0200
Subject: [PATCH] buffer: Rewrite ssh_buffer_free()

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/buffer.c | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/src/buffer.c b/src/buffer.c
index c4fdc752..f9bf772d 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -129,19 +129,23 @@ struct ssh_buffer_struct *ssh_buffer_new(void) {
  *
  * \param[in]  buffer   The buffer to free.
  */
-void ssh_buffer_free(struct ssh_buffer_struct *buffer) {
-  if (buffer == NULL) {
-    return;
-  }
-  buffer_verify(buffer);
+void ssh_buffer_free(struct ssh_buffer_struct *buffer)
+{
+    if (buffer == NULL) {
+        return;
+    }
+    buffer_verify(buffer);
 
-  if (buffer->data) {
-    /* burn the data */
-    explicit_bzero(buffer->data, buffer->allocated);
-    SAFE_FREE(buffer->data);
-  }
-  explicit_bzero(buffer, sizeof(struct ssh_buffer_struct));
-  SAFE_FREE(buffer);
+    if (buffer->secure && buffer->allocated > 0) {
+        /* burn the data */
+        explicit_bzero(buffer->data, buffer->allocated);
+        SAFE_FREE(buffer->data);
+
+        explicit_bzero(buffer, sizeof(struct ssh_buffer_struct));
+    } else {
+        SAFE_FREE(buffer->data);
+    }
+    SAFE_FREE(buffer);
 }
 
 /**