alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-10-13 16:08:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

EAP peer: Clear keying material on deinit

Browse Source 
Reduce the amount of time keying material (MSK, EMSK, temporary private
data) remains in memory in EAP methods. This provides additional
protection should there be any issues that could expose process memory
to external observers.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
2014-06-29 21:16:30 +03:00
committed by Sarvesh Bodakhe
parent bb16734aa9
commit f4d7329ae6
5 changed files with 49 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
components/wpa_supplicant/src/eap_peer/eap_mschapv2.c
View File

@@ -87,7 +87,7 @@ eap_mschapv2_deinit(struct eap_sm *sm, void *priv)
os_free(data->peer_challenge);
os_free(data->auth_challenge);
wpabuf_free(data->prev_challenge);
os_free(data);
bin_clear_free(data, sizeof(*data));
}
static void *
@@ -285,7 +285,7 @@ eap_mschapv2_password_changed(struct eap_sm *sm,
WPA_EVENT_PASSWORD_CHANGED
"EAP-MSCHAPV2: Password changed successfully");
data->prev_error = 0;
os_free(config->password);
bin_clear_free(config->password, config->password_len);
if (config->flags & EAP_CONFIG_FLAGS_EXT_PASSWORD) {
/* TODO: update external storage */
} else if (config->flags & EAP_CONFIG_FLAGS_PASSWORD_NTHASH) {
@@ -296,7 +296,8 @@ eap_mschapv2_password_changed(struct eap_sm *sm,
config->new_password_len,
config->password);
}
os_free(config->new_password);
bin_clear_free(config->new_password,
config->new_password_len);
} else {
config->password = config->new_password;
config->password_len = config->new_password_len;