jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

nl80211: Clear keys from heap memory before freeing it for get_seqnum

Browse source 
NL80211_CMD_GET_KEY response may return the actual key in addition to
the last used sequence number that we need. That might result in a key
being left in unused heap memory after the buffer is freed.

Explicitly clear the message payload with the possibly included key
material from heap memory before returning from the handler function
(and having libnl free the nlmsg) when key information is obtained from
the driver using the NL80211_CMD_GET_KEY command.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
vamsi krishna 2019-03-13 12:33:17 +05:30 committed by Jouni Malinen
parent 2b7fa03559
commit 4efade3157
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/drivers/driver_nl80211.c
View file

@ -6132,6 +6132,7 @@ static int get_key_handler(struct nl_msg *msg, void *arg)
if (tb[NL80211_ATTR_KEY_SEQ])
memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
nl80211_nlmsg_clear(msg);
return NL_SKIP;
}