From d1ecca6c15311ff192841e78ebf2b338f2fc31cd Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 2 Jul 2014 01:43:33 +0300 Subject: [PATCH] HS 2.0 R2: Clear hs20-osu-client configuration keys explicitly Use an explicit memset call to clear any hs20-osu-client configuration parameter that contains private information like keys or identity. This brings in an additional layer of protection by reducing the length of time this type of private data is kept in memory. Signed-off-by: Jouni Malinen
---
 hs20/client/osu_client.c | 4 ++--
 src/utils/http_curl.c | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c
index ea269ab9f..a439bdeb1 100644
--- a/hs20/client/osu_client.c
+++ b/hs20/client/osu_client.c
@@ -2495,7 +2495,7 @@ static void cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
 xml_node_get_text_free(ctx->xml, sub_rem_uri);
 xml_node_get_text_free(ctx->xml, cred_username);
- os_free(cred_password);
+ str_clear_free(cred_password);
 xml_node_free(ctx->xml, pps);
 }
@@ -2642,7 +2642,7 @@ static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
 xml_node_get_text_free(ctx->xml, uri);
 xml_node_get_text_free(ctx->xml, cred_username);
- os_free(cred_password);
+ str_clear_free(cred_password);
 xml_node_free(ctx->xml, pps);
 return 0;
diff --git a/src/utils/http_curl.c b/src/utils/http_curl.c
index 07d9af087..eb79b862d 100644
--- a/src/utils/http_curl.c
+++ b/src/utils/http_curl.c
@@ -1368,8 +1368,8 @@ int soap_reinit_client(struct http_ctx *ctx)
 client_cert, client_key);
 os_free(address);
 os_free(ca_fname);
- os_free(username);
- os_free(password);
+ str_clear_free(username);
+ str_clear_free(password);
 os_free(client_cert);
 os_free(client_key);
 return ret;
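Review bot: In the cmd_sub_rem() hunk the password copy is now cleared, but `cred_username` on the line just above is still released through `xml_node_get_text_free(ctx->xml, cred_username);`, whose body is not visible here and may not zero the buffer. The commit message names identity as private data and the http_curl.c hunks do clear `username`, so the two files end up treating the same kind of value differently. If the XML helper cannot clear the text, a comment such as `/* cred_username is released by the XML layer and is not cleared here */` would at least record the gap. The cmd_pol_upd() hunk has the same pattern, and both functions begin outside their hunks.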
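Review bot: The clearing added in the soap_reinit_client() hunk only helps if `str_clear_free()` performs a write the compiler cannot drop. The commit message describes it as an explicit memset call, and a memset immediately followed by free is a dead store that an optimizing compiler may remove. The helper's body is not part of this patch, so this should be confirmed there, for example by clearing through a volatile pointer or with a primitive such as `explicit_bzero()` where the platform has one. The same dependency applies to the http_deinit_ctx() hunk and to both osu_client.c hunks; soap_reinit_client() begins outside the hunk.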
@@ -1487,8 +1487,8 @@ void http_deinit_ctx(struct http_ctx *ctx)
 os_free(ctx->svc_address);
 os_free(ctx->svc_ca_fname);
- os_free(ctx->svc_username);
- os_free(ctx->svc_password);
+ str_clear_free(ctx->svc_username);
+ str_clear_free(ctx->svc_password);
 os_free(ctx->svc_client_cert);
 os_free(ctx->svc_client_key);