1 files changed, 14 insertions, 4 deletions

diff --git a/tools/plink/sshpubk.c b/tools/plink/sshpubk.c
index cf9e44b36..2f8a2be30 100644
--- a/tools/plink/sshpubk.c
+++ b/tools/plink/sshpubk.c
@@ -796,6 +796,7 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
 	goto error;
     }
     sfree(public_blob);
+    smemclr(private_blob, private_blob_len);
     sfree(private_blob);
     sfree(encryption);
     if (errorstr)
@@ -816,8 +817,10 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
 	sfree(mac);
     if (public_blob)
 	sfree(public_blob);
-    if (private_blob)
-	sfree(private_blob);
+    if (private_blob) {
+        smemclr(private_blob, private_blob_len);
+        sfree(private_blob);
+    }
     if (errorstr)
 	*errorstr = error;
     return ret;
@@ -1106,8 +1109,14 @@ int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key,
     }
 
     fp = f_open(filename, "w", TRUE);
-    if (!fp)
-	return 0;
+    if (!fp) {
+        sfree(pub_blob);
+        smemclr(priv_blob, priv_blob_len);
+        sfree(priv_blob);
+        smemclr(priv_blob_encrypted, priv_blob_len);
+        sfree(priv_blob_encrypted);
+        return 0;
+    }
     fprintf(fp, "PuTTY-User-Key-File-2: %s\n", key->alg->name);
     fprintf(fp, "Encryption: %s\n", cipherstr);
     fprintf(fp, "Comment: %s\n", key->comment);
@@ -1124,6 +1133,7 @@ int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key,
     sfree(pub_blob);
     smemclr(priv_blob, priv_blob_len);
     sfree(priv_blob);
+    smemclr(priv_blob_encrypted, priv_blob_len);
     sfree(priv_blob_encrypted);
     return 1;
 }