HS 2.0 R2: Clear hs20-osu-client configuration keys explicitly
Use an explicit memset call to clear any hs20-osu-client configuration parameter that contains private information like keys or identity. This brings in an additional layer of protection by reducing the length of time this type of private data is kept in memory. Signed-off-by: Jouni Malinen <j@w1.fi>
		
							parent
							
								
									0a13e06bdb
								
							
						
					
					
						commit
						d1ecca6c15
					
				
					 2 changed files with 6 additions and 6 deletions
				
			
		|  | @ -2495,7 +2495,7 @@ static void cmd_sub_rem(struct hs20_osu_client *ctx, const char *address, | ||||||
| 
 | 
 | ||||||
| 	xml_node_get_text_free(ctx->xml, sub_rem_uri); | 	xml_node_get_text_free(ctx->xml, sub_rem_uri); | ||||||
| 	xml_node_get_text_free(ctx->xml, cred_username); | 	xml_node_get_text_free(ctx->xml, cred_username); | ||||||
| 	os_free(cred_password); | 	str_clear_free(cred_password); | ||||||
| 	xml_node_free(ctx->xml, pps); | 	xml_node_free(ctx->xml, pps); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | @ -2642,7 +2642,7 @@ static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address, | ||||||
| 
 | 
 | ||||||
| 	xml_node_get_text_free(ctx->xml, uri); | 	xml_node_get_text_free(ctx->xml, uri); | ||||||
| 	xml_node_get_text_free(ctx->xml, cred_username); | 	xml_node_get_text_free(ctx->xml, cred_username); | ||||||
| 	os_free(cred_password); | 	str_clear_free(cred_password); | ||||||
| 	xml_node_free(ctx->xml, pps); | 	xml_node_free(ctx->xml, pps); | ||||||
| 
 | 
 | ||||||
| 	return 0; | 	return 0; | ||||||
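Review bot: In both cmd_sub_rem and cmd_pol_upd, `cred_username` is still released with `xml_node_get_text_free(ctx->xml, cred_username)` while only `cred_password` moves to `str_clear_free()`. The commit message counts identity as private data and the same commit clears `username` in soap_reinit_client, so the identity string is treated differently in the two files. If the XML wrapper's free has to stay, zeroing the text first would match the intent, e.g. `if (cred_username) os_memset(cred_username, 0, os_strlen(cred_username));` ahead of the existing call. Both functions start outside the hunks, so any earlier return that skips this cleanup block is not visible here and is worth checking too.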
|  |  | ||||||
|  | @ -1368,8 +1368,8 @@ int soap_reinit_client(struct http_ctx *ctx) | ||||||
| 			       client_cert, client_key); | 			       client_cert, client_key); | ||||||
| 	os_free(address); | 	os_free(address); | ||||||
| 	os_free(ca_fname); | 	os_free(ca_fname); | ||||||
| 	os_free(username); | 	str_clear_free(username); | ||||||
| 	os_free(password); | 	str_clear_free(password); | ||||||
| 	os_free(client_cert); | 	os_free(client_cert); | ||||||
| 	os_free(client_key); | 	os_free(client_key); | ||||||
| 	return ret; | 	return ret; | ||||||
|  | @ -1487,8 +1487,8 @@ void http_deinit_ctx(struct http_ctx *ctx) | ||||||
| 
 | 
 | ||||||
| 	os_free(ctx->svc_address); | 	os_free(ctx->svc_address); | ||||||
| 	os_free(ctx->svc_ca_fname); | 	os_free(ctx->svc_ca_fname); | ||||||
| 	os_free(ctx->svc_username); | 	str_clear_free(ctx->svc_username); | ||||||
| 	os_free(ctx->svc_password); | 	str_clear_free(ctx->svc_password); | ||||||
| 	os_free(ctx->svc_client_cert); | 	os_free(ctx->svc_client_cert); | ||||||
| 	os_free(ctx->svc_client_key); | 	os_free(ctx->svc_client_key); | ||||||
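Review bot: The clearing added in soap_reinit_client and http_deinit_ctx depends entirely on `str_clear_free()`, whose body is not part of this commit. If it zeroes the string with an ordinary memset right before the free, an optimizing compiler may drop that store as dead, leaving the username and password in freed heap memory. It is worth confirming the helper uses a clear the compiler cannot remove, such as a volatile write loop, or `explicit_bzero()` or `memset_s()` where available. Separately, `client_key` and `ctx->svc_client_key` keep `os_free()`. Presumably they hold a file name rather than key material, and a short comment such as `/* svc_client_key is a file name, not key data */` would show the asymmetry is deliberate. Both function bodies extend outside the hunks.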
| 
 | 
 | ||||||
|  |  | ||||||
	
	 Jouni Malinen
						Jouni Malinen