F-2971 - https://fenrir.wolfssl.com/finding/2971 - Add ForceZero on session auth in wolfTPM2_UnloadHandles before return

aidangarske · aidangarske · commit 881772c5f329 · 2026-04-14T12:23:03.000-07:00
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
@@ -7036,6 +7036,7 @@ int wolfTPM2_UnloadHandles(WOLFTPM2_DEV* dev, word32 handleStart,
         /* ignore return code failures */
         (void)wolfTPM2_UnloadHandle(dev, &handle);
     }
+    TPM2_ForceZero(&handle, sizeof(handle));
     return rc;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -7036,6 +7036,7 @@ int wolfTPM2_UnloadHandles(WOLFTPM2_DEV* dev, word32 handleStart,`
`7036`	`7036`	`/* ignore return code failures */`
`7037`	`7037`	`(void)wolfTPM2_UnloadHandle(dev, &handle);`
`7038`	`7038`	`}`
	`7039`	`+ TPM2_ForceZero(&handle, sizeof(handle));`
`7039`	`7040`	`return rc;`
`7040`	`7041`	`}`
`7041`	`7042`