
EAP-pwd: Clear identity string and temporary buffer explicitly

Use an explicit memset call to clear any configuration parameter and
dynamic data that contains private information like keys or identity.
This brings in an additional layer of protection by reducing the length
of time this type of private data is kept in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen il y a 10 ans
Parent
commit
1f1fe195cd
2 fichiers modifiés avec 10 ajouts et 10 suppressions
  1. 4 4
      src/eap_peer/eap_pwd.c
  2. 6 6
      src/eap_server/eap_server_pwd.c

+ 4 - 4
src/eap_peer/eap_pwd.c

@@ -123,7 +123,7 @@ static void * eap_pwd_init(struct eap_sm *sm)
 	if ((data->password = os_malloc(password_len)) == NULL) {
 		wpa_printf(MSG_INFO, "EAP-PWD: memory allocation psk fail");
 		BN_CTX_free(data->bnctx);
-		os_free(data->id_peer);
+		bin_clear_free(data->id_peer, data->id_peer_len);
 		os_free(data);
 		return NULL;
 	}
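Review bot: Replacing os_free() with bin_clear_free() makes `data->id_peer_len` load-bearing: the helper clears that many bytes before freeing, so a stale or oversized length becomes an out-of-bounds write rather than harmless metadata. The same holds for the id_peer/id_server pairs in eap_pwd_deinit in this file and in eap_pwd_init and eap_pwd_reset in src/eap_server/eap_server_pwd.c. The assignments to these fields are outside the hunks, so whether every site updates pointer and length together cannot be confirmed from here. I would document the invariant on the struct fields, e.g. `/* id_peer_len must always equal the allocated size of id_peer; it is used to clear the buffer on free */`. eap_pwd_init starts before and continues after this hunk.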
@@ -155,8 +155,8 @@ static void eap_pwd_deinit(struct eap_sm *sm, void *priv)
 	BN_CTX_free(data->bnctx);
 	EC_POINT_clear_free(data->my_element);
 	EC_POINT_clear_free(data->server_element);
-	os_free(data->id_peer);
-	os_free(data->id_server);
+	bin_clear_free(data->id_peer, data->id_peer_len);
+	bin_clear_free(data->id_server, data->id_server_len);
 	bin_clear_free(data->password, data->password_len);
 	if (data->grp) {
 		EC_GROUP_free(data->grp->group);
@@ -684,7 +684,7 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
 	wpabuf_put_data(data->outbuf, conf, SHA256_MAC_LEN);
 
 fin:
-	os_free(cruft);
+	bin_clear_free(cruft, BN_num_bytes(data->grp->prime));
 	BN_clear_free(x);
 	BN_clear_free(y);
 	if (data->outbuf == NULL) {
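Review bot: At `fin:` the length argument `BN_num_bytes(data->grp->prime)` is evaluated even when `cruft` is NULL, so every `goto fin` path now needs `data->grp` and its prime to be valid, which os_free(cruft) did not require. eap_pwd_deinit guards with `if (data->grp)`, which suggests the pointer can be NULL in some states; whether an early `goto fin` can run in such a state is not visible here, because the function body starts before this hunk. Recording the size once where cruft is allocated (`size_t prime_len = 0;`, set at allocation) and calling `bin_clear_free(cruft, prime_len);` would remove that dependency and guarantee the cleared length matches the allocated one. The same applies to the `fin:` labels in eap_pwd_build_confirm_req and eap_pwd_process_confirm_resp in src/eap_server/eap_server_pwd.c.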

+ 6 - 6
src/eap_server/eap_server_pwd.c

@@ -106,7 +106,7 @@ static void * eap_pwd_init(struct eap_sm *sm)
 	if (data->password == NULL) {
 		wpa_printf(MSG_INFO, "EAP-PWD: Memory allocation password "
 			   "fail");
-		os_free(data->id_server);
+		bin_clear_free(data->id_server, data->id_server_len);
 		os_free(data);
 		return NULL;
 	}
@@ -117,7 +117,7 @@ static void * eap_pwd_init(struct eap_sm *sm)
 	if (data->bnctx == NULL) {
 		wpa_printf(MSG_INFO, "EAP-PWD: bn context allocation fail");
 		bin_clear_free(data->password, data->password_len);
-		os_free(data->id_server);
+		bin_clear_free(data->id_server, data->id_server_len);
 		os_free(data);
 		return NULL;
 	}
@@ -142,8 +142,8 @@ static void eap_pwd_reset(struct eap_sm *sm, void *priv)
 	BN_CTX_free(data->bnctx);
 	EC_POINT_clear_free(data->my_element);
 	EC_POINT_clear_free(data->peer_element);
-	os_free(data->id_peer);
-	os_free(data->id_server);
+	bin_clear_free(data->id_peer, data->id_peer_len);
+	bin_clear_free(data->id_server, data->id_server_len);
 	bin_clear_free(data->password, data->password_len);
 	if (data->grp) {
 		EC_GROUP_free(data->grp->group);
@@ -410,7 +410,7 @@ static void eap_pwd_build_confirm_req(struct eap_sm *sm,
 	wpabuf_put_data(data->outbuf, conf, SHA256_MAC_LEN);
 
 fin:
-	os_free(cruft);
+	bin_clear_free(cruft, BN_num_bytes(data->grp->prime));
 	BN_clear_free(x);
 	BN_clear_free(y);
 	if (data->outbuf == NULL)
@@ -855,7 +855,7 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
 		eap_pwd_state(data, SUCCESS);
 
 fin:
-	os_free(cruft);
+	bin_clear_free(cruft, BN_num_bytes(data->grp->prime));
 	BN_clear_free(x);
 	BN_clear_free(y);
 }