aboutsummaryrefslogtreecommitdiffstats
path: root/src/rsn_supp
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2014-12-29 13:41:03 (GMT)
committerJouni Malinen <j@w1.fi>2014-12-29 17:44:51 (GMT)
commitfbfc974c6c4307a61b3b4eaf31923d3533dd52de (patch)
treec06dda712a8e427284991ef5c546e258492d6741 /src/rsn_supp
parent6df19739885be0594390222fdfb59d597c472b65 (diff)
downloadhostap-fbfc974c6c4307a61b3b4eaf31923d3533dd52de.zip
hostap-fbfc974c6c4307a61b3b4eaf31923d3533dd52de.tar.gz
hostap-fbfc974c6c4307a61b3b4eaf31923d3533dd52de.tar.bz2
Clear GTK from memory as soon as it is not needed anymore
It was possible for the decrypted EAPOL-Key Key Data field to remain in heap after the temporary buffer was freed. Explicitly clear that buffer before freeing it to minimize the time GTK remains in memory. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/rsn_supp')
-rw-r--r--src/rsn_supp/wpa.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index c88f1e4..8ea54bb 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1426,6 +1426,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
goto failed;
+ os_memset(&gd, 0, sizeof(gd));
if (rekey) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying "
@@ -1444,6 +1445,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
return;
failed:
+ os_memset(&gd, 0, sizeof(gd));
wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
}
@@ -1924,7 +1926,7 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
ret = 1;
out:
- os_free(tmp);
+ bin_clear_free(tmp, data_len);
return ret;
}