authorJouni Malinen <j@w1.fi>2014-07-01 22:45:45 (GMT)
committerJouni Malinen <j@w1.fi>2014-07-02 09:38:48 (GMT)
commitb7175b4d02d11b5450e9743f1b9728ed6aa2ec23 (patch)
tree6400f1d1d4c0be2759b06c0ff19bcd7d23a095a4 /src/radius
parentd1ecca6c15311ff192841e78ebf2b338f2fc31cd (diff)
Clear hostapd configuration keys explicitly
Use an explicit memset call to clear any hostapd configuration parameter that contains private information like keys or identity. This brings in an additional layer of protection by reducing the length of time this type of private data is kept in memory. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/radius')
-rw-r--r--src/radius/radius_server.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index 00ad6af..24348a3 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -623,7 +623,7 @@ radius_server_get_new_session(struct radius_server_data *data,
os_memset(&tmp, 0, sizeof(tmp));
res = data->get_eap_user(data->conf_ctx, user, user_len, 0, &tmp);
- os_free(tmp.password);
+ bin_clear_free(tmp.password, tmp.password_len);
if (res != 0) {
RADIUS_DEBUG("User-Name not found from user database");
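Review bot: The added `bin_clear_free(tmp.password, tmp.password_len)` makes the wipe depend on `tmp.password_len` matching the allocated size of `tmp.password`, a contract the old `os_free()` call never needed. Since `tmp` is zeroed just above, a `get_eap_user` callback that sets `password` but leaves `password_len` at 0 would presumably have the buffer freed without being cleared, and a length larger than the allocation would write past it. The callback implementations are outside this diff, so this needs confirming; the same applies to both calls in radius_server_macacl. I would record the requirement next to the call, e.g. `/* password_len must equal the allocated size of password; that many bytes are wiped before the free */`. The function body continues outside the hunk.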
@@ -852,7 +852,7 @@ radius_server_macacl(struct radius_server_data *data,
os_strlen(sess->username), 0, &tmp);
if (res || !tmp.macacl || tmp.password == NULL) {
RADIUS_DEBUG("No MAC ACL user entry");
- os_free(tmp.password);
+ bin_clear_free(tmp.password, tmp.password_len);
code = RADIUS_CODE_ACCESS_REJECT;
} else {
u8 buf[128];
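Review bot: Whether the `bin_clear_free()` call in the reject branch, and the calls in the other two hunks, actually removes the key material depends on the helper, which is defined outside src/radius and not visible here. The commit message describes an explicit memset, and a plain memset immediately followed by a free is a dead store that an optimizing compiler may drop. The helper should therefore clear through a call the compiler cannot elide, such as `explicit_bzero()` or `memset_s()` where the platform provides one. In this branch `tmp.password` can be NULL, so the helper also has to accept a NULL pointer as `os_free()` did. The else block opened at the end of the hunk continues outside it.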
@@ -861,7 +861,7 @@ radius_server_macacl(struct radius_server_data *data,
(u8 *) client->shared_secret,
client->shared_secret_len,
buf, sizeof(buf));
- os_free(tmp.password);
+ bin_clear_free(tmp.password, tmp.password_len);
if (res < 0 || pw_len != (size_t) res ||
os_memcmp_const(pw, buf, res) != 0) {