HS 2.0 R2: Clear hs20-osu-client configuration keys explicitly

Use an explicit memset call to clear any hs20-osu-client configuration
parameter that contains private information like keys or identity. This
brings in an additional layer of protection by reducing the length of
time this type of private data is kept in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2014-07-02 01:43:33 +03:00
parent 0a13e06bdb
commit d1ecca6c15
2 changed files with 6 additions and 6 deletions
hs20/client
src/utils


@ -2495,7 +2495,7 @@ static void cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
xml_node_get_text_free(ctx->xml, sub_rem_uri);
xml_node_get_text_free(ctx->xml, cred_username);
os_free(cred_password);
str_clear_free(cred_password);
xml_node_free(ctx->xml, pps);
}
@ -2642,7 +2642,7 @@ static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
xml_node_get_text_free(ctx->xml, uri);
xml_node_get_text_free(ctx->xml, cred_username);
os_free(cred_password);
str_clear_free(cred_password);
xml_node_free(ctx->xml, pps);
return 0;
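Review bot: `cred_username` is still released with `xml_node_get_text_free()` without being cleared in both `cmd_sub_rem` and `cmd_pol_upd`, although the commit message counts identity as private data and the src/utils hunks do clear `username`. If the buffer returned for `cred_username` is writable, clearing it first, e.g. `if (cred_username) os_memset(cred_username, 0, os_strlen(cred_username));`, would make the two files consistent. The `pps` tree freed on the following line presumably still holds the same credential text, so a short comment noting that limit would help readers judge what the clear actually covers. Both functions start outside their hunks.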


@ -1368,8 +1368,8 @@ int soap_reinit_client(struct http_ctx *ctx)
client_cert, client_key);
os_free(address);
os_free(ca_fname);
os_free(username);
os_free(password);
str_clear_free(username);
str_clear_free(password);
os_free(client_cert);
os_free(client_key);
return ret;
@ -1487,8 +1487,8 @@ void http_deinit_ctx(struct http_ctx *ctx)
os_free(ctx->svc_address);
os_free(ctx->svc_ca_fname);
os_free(ctx->svc_username);
os_free(ctx->svc_password);
str_clear_free(ctx->svc_username);
str_clear_free(ctx->svc_password);
os_free(ctx->svc_client_cert);
os_free(ctx->svc_client_key);
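Review bot: The `str_clear_free()` calls added in `soap_reinit_client` and `http_deinit_ctx` (and the two `cred_password` sites in hs20/client) only shorten the secret's lifetime if the helper's clear survives optimisation, and its body is not part of this diff. If it is a plain `memset` immediately followed by `free`, a compiler may treat the store as dead and drop it, so it is worth confirming that the helper uses a write the optimiser cannot remove. Separately, `client_key` and `ctx->svc_client_key` are still released with `os_free()`; if they hold a file name rather than key material that is fine, and a comment such as `/* client_key is a file name, not key material */` would record the reason. Both functions begin outside their hunks.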