From e7cea41db1f0a0106619ce2b35ff8797563a8c03 Mon Sep 17 00:00:00 2001
From: tedu <tedu@openbsd.org>
Date: Sun, 10 Jul 2016 23:07:34 +0000
Subject: [PATCH] zero the read buffer after copying data to user so it doesn't
 linger. ok beck

---
 lib/libssl/s3_pkt.c         | 3 ++-
 lib/libssl/src/ssl/s3_pkt.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c
index 153b37612f7..0e97be6728b 100644
--- a/lib/libssl/s3_pkt.c
+++ b/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.57 2015/09/12 16:10:07 doug Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.58 2016/07/10 23:07:34 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -956,6 +956,7 @@ start:
 
 		memcpy(buf, &(rr->data[rr->off]), n);
 		if (!peek) {
+			memset(&(rr->data[rr->off]), 0, n);
 			rr->length -= n;
 			rr->off += n;
 			if (rr->length == 0) {
diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c
index 153b37612f7..0e97be6728b 100644
--- a/lib/libssl/src/ssl/s3_pkt.c
+++ b/lib/libssl/src/ssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.57 2015/09/12 16:10:07 doug Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.58 2016/07/10 23:07:34 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -956,6 +956,7 @@ start:
 
 		memcpy(buf, &(rr->data[rr->off]), n);
 		if (!peek) {
+			memset(&(rr->data[rr->off]), 0, n);
 			rr->length -= n;
 			rr->off += n;
 			if (rr->length == 0) {
-- 
2.20.1