Clear GTK from memory as soon as it is not needed anymore
It was possible for the decrypted EAPOL-Key Key Data field to remain in heap after the temporary buffer was freed. Explicitly clear that buffer before freeing it to minimize the time GTK remains in memory. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
6df1973988
commit
fbfc974c6c
1 changed files with 3 additions and 1 deletions
|
|
@ -1426,6 +1426,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
|
||||||
if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
|
if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
|
||||||
wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
|
wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
|
||||||
goto failed;
|
goto failed;
|
||||||
|
os_memset(&gd, 0, sizeof(gd));
|
||||||
|
|
||||||
if (rekey) {
|
if (rekey) {
|
||||||
wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying "
|
wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying "
|
||||||
|
|
@ -1444,6 +1445,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
|
||||||
return;
|
return;
|
||||||
|
|
||||||
failed:
|
failed:
|
||||||
|
os_memset(&gd, 0, sizeof(gd));
|
||||||
wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
|
wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1924,7 +1926,7 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
|
||||||
ret = 1;
|
ret = 1;
|
||||||
|
|
||||||
out:
|
out:
|
||||||
os_free(tmp);
|
bin_clear_free(tmp, data_len);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue