From b4c0f584527d5bfb9fb313405ad58369336ab94c Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Wed, 17 Jun 2015 16:30:34 +0300
Subject: [PATCH] Clear allocated debug message buffers explicitly

When hostapd or wpa_supplicant is run in debug mode with key material
prints allowed (-K on the command line), it is possible for passwords
and keying material to show up in debug prints. Since some of the debug
cases end up allocating a temporary buffer from the heap for processing
purposes, a copy of such password may remain in heap. Clear these
temporary buffers explicitly to avoid causing issues for hwsim test
cases that verify contents of memory against unexpected keys.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
 hostapd/Android.mk    |  1 +
 hostapd/Makefile      |  1 +
 src/utils/wpa_debug.c | 16 ++++++++--------
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/hostapd/Android.mk b/hostapd/Android.mk
index 78a150634..9dde32f83 100644
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
@@ -893,6 +893,7 @@ endif
 
 OBJS_c = hostapd_cli.c src/common/wpa_ctrl.c src/utils/os_$(CONFIG_OS).c
 OBJS_c += src/utils/eloop.c
+OBJS_c += src/utils/common.c
 ifdef CONFIG_WPA_TRACE
 OBJS_c += src/utils/trace.c
 endif
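Review bot: The new `OBJS_c += src/utils/common.c` line does not say why the CLI tool now needs common.c, and the same is true of `OBJS_c += ../src/utils/common.o` in hostapd/Makefile. Presumably it is because wpa_debug, which OBJS_c already links, now calls bin_clear_free(), assuming that helper is defined in common.c. A short comment such as `# wpa_debug.c uses bin_clear_free() from common.c` next to each line would keep the dependency from being removed later. The diffstat only touches hostapd/, so it is worth a build check that every other target linking wpa_debug.o without common.o still links.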
diff --git a/hostapd/Makefile b/hostapd/Makefile
index 3c7bd6f9d..d4fd36e00 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -108,6 +108,7 @@ LIBS_n += -lrt
 endif
 
 OBJS += ../src/utils/common.o
+OBJS_c += ../src/utils/common.o
 OBJS += ../src/utils/wpa_debug.o
 OBJS_c += ../src/utils/wpa_debug.o
 OBJS += ../src/utils/wpabuf.o
diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c
index 82a899988..b7a6dbaef 100644
--- a/src/utils/wpa_debug.c
+++ b/src/utils/wpa_debug.c
@@ -307,7 +307,7 @@ static void _wpa_hexdump(int level, const char *title, const u8 *buf,
 				    "%s - hexdump(len=%lu):%s%s",
 				    title, (long unsigned int) len, display,
 				    len > slen ? " ..." : "");
-		os_free(strbuf);
+		bin_clear_free(strbuf, 1 + 3 * slen);
 		return;
 	}
 #else /* CONFIG_ANDROID_LOG */
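Review bot: The length given to `bin_clear_free(strbuf, 1 + 3 * slen);` repeats the allocation-size expression by hand, as does `bin_clear_free(strbuf, 1 + 3 * len);` in the syslog branch of _wpa_hexdump. The allocations themselves are outside both hunks, so the match cannot be checked here. If the two expressions ever drift apart, the clear either leaves part of the hex dump in the heap or writes past the allocation. Keeping the size in a local at the allocation site, e.g. `size_t strbuf_len = 1 + 3 * slen;`, and calling `bin_clear_free(strbuf, strbuf_len);` removes that coupling. If strbuf can still be NULL on paths that never allocate, confirm that bin_clear_free() accepts NULL the way os_free() did.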
@@ -339,7 +339,7 @@ static void _wpa_hexdump(int level, const char *title, const u8 *buf,
 
 		syslog(syslog_priority(level), "%s - hexdump(len=%lu):%s",
 		       title, (unsigned long) len, display);
-		os_free(strbuf);
+		bin_clear_free(strbuf, 1 + 3 * len);
 		return;
 	}
 #endif /* CONFIG_DEBUG_SYSLOG */
@@ -636,7 +636,7 @@ void wpa_msg(void *ctx, int level, const char *fmt, ...)
 	wpa_printf(level, "%s%s", prefix, buf);
 	if (wpa_msg_cb)
 		wpa_msg_cb(ctx, level, WPA_MSG_PER_INTERFACE, buf, len);
-	os_free(buf);
+	bin_clear_free(buf, buflen);
 }
 
 
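Review bot: The new `bin_clear_free(buf, buflen);` at the end of wpa_msg() has no comment explaining why a log-message buffer is treated as sensitive, so a later cleanup could easily turn it back into os_free(). A one-line comment above the call would do, e.g. `/* buf may hold key material when -K is used; clear before free */`. The same applies to wpa_msg_ctrl, wpa_msg_global, wpa_msg_global_ctrl, wpa_msg_no_global and hostapd_logger. Only this heap copy is cleared: the text has already been passed to wpa_printf() and wpa_msg_cb(), so any copies those sinks keep are outside this change, which the comment could also state. The function bodies start outside the hunks, so the allocation size behind buflen is not visible here.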
@@ -664,7 +664,7 @@ void wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...)
 	len = vsnprintf(buf, buflen, fmt, ap);
 	va_end(ap);
 	wpa_msg_cb(ctx, level, WPA_MSG_PER_INTERFACE, buf, len);
-	os_free(buf);
+	bin_clear_free(buf, buflen);
 }
 
 
@@ -691,7 +691,7 @@ void wpa_msg_global(void *ctx, int level, const char *fmt, ...)
 	wpa_printf(level, "%s", buf);
 	if (wpa_msg_cb)
 		wpa_msg_cb(ctx, level, WPA_MSG_GLOBAL, buf, len);
-	os_free(buf);
+	bin_clear_free(buf, buflen);
 }
 
 
@@ -719,7 +719,7 @@ void wpa_msg_global_ctrl(void *ctx, int level, const char *fmt, ...)
 	len = vsnprintf(buf, buflen, fmt, ap);
 	va_end(ap);
 	wpa_msg_cb(ctx, level, WPA_MSG_GLOBAL, buf, len);
-	os_free(buf);
+	bin_clear_free(buf, buflen);
 }
 
 
@@ -746,7 +746,7 @@ void wpa_msg_no_global(void *ctx, int level, const char *fmt, ...)
 	wpa_printf(level, "%s", buf);
 	if (wpa_msg_cb)
 		wpa_msg_cb(ctx, level, WPA_MSG_NO_GLOBAL, buf, len);
-	os_free(buf);
+	bin_clear_free(buf, buflen);
 }
 
 #endif /* CONFIG_NO_WPA_MSG */
@@ -789,6 +789,6 @@ void hostapd_logger(void *ctx, const u8 *addr, unsigned int module, int level,
 			   MAC2STR(addr), buf);
 	else
 		wpa_printf(MSG_DEBUG, "hostapd_logger: %s", buf);
-	os_free(buf);
+	bin_clear_free(buf, buflen);
 }
 #endif /* CONFIG_NO_HOSTAPD_LOGGER */