Explicitly clear the temporary stack-based PSK buffer
There is no need to leave this temporary key in stack memory after having been configured to the WPA state machine. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
658da804e5
commit
e886c88e95
1 changed files with 3 additions and 0 deletions
|
|
@ -1235,6 +1235,7 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
|
||||||
wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
|
wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
|
||||||
psk, PMK_LEN);
|
psk, PMK_LEN);
|
||||||
wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL);
|
wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL);
|
||||||
|
os_memset(psk, 0, sizeof(psk));
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_NO_PBKDF2 */
|
#endif /* CONFIG_NO_PBKDF2 */
|
||||||
#ifdef CONFIG_EXT_PASSWORD
|
#ifdef CONFIG_EXT_PASSWORD
|
||||||
|
|
@ -1271,6 +1272,7 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
|
||||||
"external passphrase)",
|
"external passphrase)",
|
||||||
psk, PMK_LEN);
|
psk, PMK_LEN);
|
||||||
wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL);
|
wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL);
|
||||||
|
os_memset(psk, 0, sizeof(psk));
|
||||||
} else
|
} else
|
||||||
#endif /* CONFIG_NO_PBKDF2 */
|
#endif /* CONFIG_NO_PBKDF2 */
|
||||||
if (wpabuf_len(pw) == 2 * PMK_LEN) {
|
if (wpabuf_len(pw) == 2 * PMK_LEN) {
|
||||||
|
|
@ -1282,6 +1284,7 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL);
|
wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL);
|
||||||
|
os_memset(psk, 0, sizeof(psk));
|
||||||
} else {
|
} else {
|
||||||
wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
|
wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
|
||||||
"PSK available");
|
"PSK available");
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue