Clear last set keys (for testing purposes) from memory explicitly

This makes it easier to scan process memory for key information that is not supposed to remain there after the last use. Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-26 01:10:32 +02:00 · 2022-02-26 01:10:32 +02:00 · af1f0694e1
commit af1f0694e1
parent 6c850a1c06
2 changed files with 7 additions and 0 deletions
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@ -410,6 +410,7 @@ void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)

 #ifdef CONFIG_TESTING_OPTIONS
 	os_free(sta->sae_postponed_commit);
+	forced_memzero(sta->last_tk, WPA_TK_MAX_LEN);
 #endif /* CONFIG_TESTING_OPTIONS */

 	os_free(sta);
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@ -1631,4 +1631,10 @@ void hostapd_deinit_wpa(struct hostapd_data *hapd)
 	hapd->l2 = NULL;
 	hostapd_wpa_unregister_ft_oui(hapd);
 #endif /* CONFIG_IEEE80211R_AP */
+
+#ifdef CONFIG_TESTING_OPTIONS
+	forced_memzero(hapd->last_gtk, WPA_GTK_MAX_LEN);
+	forced_memzero(hapd->last_igtk, WPA_IGTK_MAX_LEN);
+	forced_memzero(hapd->last_bigtk, WPA_BIGTK_MAX_LEN);
+#endif /* CONFIG_TESTING_OPTIONS */
 }