From 82f3549fe2c841d4b0cc6355a4e7519c838f0bd4 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Thu, 4 Oct 2012 14:45:10 +0200
Subject: [PATCH] Fix leak of PINs from ipsec.secrets

---
 src/libcharon/plugins/stroke/stroke_cred.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index ebc09c0d5..5ecaa35ef 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -666,7 +666,7 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr,
 		free(secret.ptr);
 		if (!prompt)
 		{	/* no IO channel to prompt, skip */
-			free(chunk.ptr);
+			chunk_clear(&chunk);
 			return TRUE;
 		}
 		/* use callback credential set to prompt for the pin */
@@ -719,6 +719,7 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr,
 		lib->credmgr->remove_local_set(lib->credmgr, &cb->set);
 		cb->destroy(cb);
 	}
+	chunk_clear(&chunk);
 
 	if (key)
 	{