From fbfc974c6c4307a61b3b4eaf31923d3533dd52de Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Mon, 29 Dec 2014 15:41:03 +0200
Subject: [PATCH] Clear GTK from memory as soon as it is not needed anymore
It was possible for the decrypted EAPOL-Key Key Data field to remain in heap after the temporary buffer was freed. Explicitly clear that buffer before freeing it to minimize the time GTK remains in memory.
Signed-off-by: Jouni Malinen
---
 src/rsn_supp/wpa.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index c88f1e407..8ea54bbab 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1426,6 +1426,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
 if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
 wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
 goto failed;
+ os_memset(&gd, 0, sizeof(gd));
 if (rekey) {
 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying "
@@ -1444,6 +1445,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
 return;
 failed:
+ os_memset(&gd, 0, sizeof(gd));
 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
 }
@@ -1924,7 +1926,7 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
 ret = 1;
 out:
- os_free(tmp);
+ bin_clear_free(tmp, data_len);
 return ret;
 }
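Review bot: The two added `os_memset(&gd, 0, sizeof(gd));` calls (after the `goto failed` check in this hunk and under `failed:` in the next one) clear what appears to be a local that is never read again, so if `os_memset` resolves to plain `memset` the compiler may drop both as dead stores and leave the GTK copy in memory. A clear that cannot be elided is needed here, for example `forced_memzero(&gd, sizeof(gd));` where the tree provides it, or a write through a volatile pointer otherwise. The same concern applies to `bin_clear_free()` in the last hunk if it clears with a plain memset before freeing. The body of wpa_supplicant_process_1_of_2 starts outside the hunk, so any `return` that leaves the function after `gd` is filled without passing one of these two points is not visible and should be checked as well.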
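Review bot: `bin_clear_free(tmp, data_len)` at `out:` is only correct if `data_len` is the size `tmp` was allocated with and has been assigned on every path that jumps to `out:`. Neither is visible in this hunk, because the body of wpa_sm_rx_eapol starts above it. If an early `goto out` can run before `data_len` is set, an indeterminate value is passed as the length even though `tmp` is presumably still NULL on that path. Initialising `data_len` to 0 at its declaration and adding a comment at the call such as `/* data_len == allocation size of tmp; wipes the decrypted Key Data */` would make the invariant explicit.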