nl80211: Clear keys from heap memory before freeing it for get_seqnum
NL80211_CMD_GET_KEY response may return the actual key in addition to the last used sequence number that we need. That might result in a key being left in unused heap memory after the buffer is freed. Explicitly clear the message payload with the possibly included key material from heap memory before returning from the handler function (and having libnl free the nlmsg) when key information is obtained from the driver using the NL80211_CMD_GET_KEY command. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
2b7fa03559
commit
4efade3157
1 changed files with 1 additions and 0 deletions
|
@ -6132,6 +6132,7 @@ static int get_key_handler(struct nl_msg *msg, void *arg)
|
||||||
if (tb[NL80211_ATTR_KEY_SEQ])
|
if (tb[NL80211_ATTR_KEY_SEQ])
|
||||||
memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
|
memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
|
||||||
min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
|
min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
|
||||||
|
nl80211_nlmsg_clear(msg);
|
||||||
return NL_SKIP;
|
return NL_SKIP;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue