From f42df144155fb8486f9cee0afc367445b91a9ce6 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Mon, 29 Dec 2014 13:07:00 +0200 Subject: [PATCH] WPS ER: Explicitly clear PSK from stack after use There is no need to leave the PSK from temporary Credential structure that was built in stack after that Credential has been passed to the WPS module. Signed-off-by: Jouni Malinen --- wpa_supplicant/wps_supplicant.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c index ebbb798b9..22083bd93 100644 --- a/wpa_supplicant/wps_supplicant.c +++ b/wpa_supplicant/wps_supplicant.c @@ -1919,6 +1919,7 @@ int wpas_wps_er_set_config(struct wpa_supplicant *wpa_s, const char *uuid, u8 addr[ETH_ALEN], *use_addr = NULL; struct wpa_ssid *ssid; struct wps_credential cred; + int ret; if (uuid_str2bin(uuid, u) == 0) use_uuid = u; @@ -1932,7 +1933,9 @@ int wpas_wps_er_set_config(struct wpa_supplicant *wpa_s, const char *uuid, if (wpas_wps_network_to_cred(ssid, &cred) < 0) return -1; - return wps_er_set_config(wpa_s->wps_er, use_uuid, use_addr, &cred); + ret = wps_er_set_config(wpa_s->wps_er, use_uuid, use_addr, &cred); + os_memset(&cred, 0, sizeof(cred)); + return ret; }