EAP peer: Clear keying material on deinit

Reduce the amount of time keying material (MSK, EMSK, temporary private data) remains in memory in EAP methods. This provides additional protection should there be any issues that could expose process memory to external observers. Signed-off-by: Jouni Malinen <j@w1.fi>
author: Jouni Malinen <j@w1.fi> 2014-06-29 18:16:30 (GMT)
committer: Jouni Malinen <j@w1.fi> 2014-07-02 09:38:48 (GMT)
commit: f534ee0804dc8d77434d2b534a118e86bd597694 (patch)
tree: ca115c0a59a991135bb28c4772d8b6e18746d6ad /src/eap_peer/eap_pwd.c
parent: 19c48da06b6980915e97a84ea8387a9db858c662 (diff)
download: hostap-f534ee0804dc8d77434d2b534a118e86bd597694.zip
hostap-f534ee0804dc8d77434d2b534a118e86bd597694.tar.gz
hostap-f534ee0804dc8d77434d2b534a118e86bd597694.tar.bz2
1 files changed, 2 insertions, 2 deletions
diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
index fec3224..bdcca0b 100644
--- a/src/eap_peer/eap_pwd.c
+++ b/src/eap_peer/eap_pwd.c
@@ -157,7 +157,7 @@ static void eap_pwd_deinit(struct eap_sm *sm, void *priv)
 	EC_POINT_free(data->server_element);
 	os_free(data->id_peer);
 	os_free(data->id_server);
-	os_free(data->password);
+	bin_clear_free(data->password, data->password_len);
 	if (data->grp) {
 		EC_GROUP_free(data->grp->group);
 		EC_POINT_free(data->grp->pwe);
@@ -167,7 +167,7 @@ static void eap_pwd_deinit(struct eap_sm *sm, void *priv)
 	}
 	wpabuf_free(data->inbuf);
 	wpabuf_free(data->outbuf);
-	os_free(data);
+	bin_clear_free(data, sizeof(*data));
 }
author	Jouni Malinen <j@w1.fi>	2014-06-29 18:16:30 (GMT)
committer	Jouni Malinen <j@w1.fi>	2014-07-02 09:38:48 (GMT)
commit	f534ee0804dc8d77434d2b534a118e86bd597694 (patch)
tree	ca115c0a59a991135bb28c4772d8b6e18746d6ad /src/eap_peer/eap_pwd.c
parent	19c48da06b6980915e97a84ea8387a9db858c662 (diff)
download	hostap-f534ee0804dc8d77434d2b534a118e86bd597694.zip hostap-f534ee0804dc8d77434d2b534a118e86bd597694.tar.gz hostap-f534ee0804dc8d77434d2b534a118e86bd597694.tar.bz2