Use an explicit memset call to clear any hostapd configuration parameter
that contains private information like keys or identity. This brings in
an additional layer of protection by reducing the length of time this
type of private data is kept in memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
{
hostapd_config_free_radius_attr(user->accept_attr);
os_free(user->identity);
{
hostapd_config_free_radius_attr(user->accept_attr);
os_free(user->identity);
- os_free(user->password);
+ bin_clear_free(user->password, user->password_len);
{
int i;
for (i = 0; i < NUM_WEP_KEYS; i++) {
{
int i;
for (i = 0; i < NUM_WEP_KEYS; i++) {
+ bin_clear_free(keys->key[i], keys->len[i]);
while (psk) {
prev = psk;
psk = psk->next;
while (psk) {
prev = psk;
psk = psk->next;
+ bin_clear_free(prev, sizeof(*prev));
- os_free(conf->ssid.wpa_passphrase);
+ str_clear_free(conf->ssid.wpa_passphrase);
os_free(conf->ssid.wpa_psk_file);
hostapd_config_free_wep(&conf->ssid.wep);
#ifdef CONFIG_FULL_DYNAMIC_VLAN
os_free(conf->ssid.wpa_psk_file);
hostapd_config_free_wep(&conf->ssid.wep);
#ifdef CONFIG_FULL_DYNAMIC_VLAN
for (i = 0; i < argc; i++) {
if (os_strcmp(col[i], "password") == 0 && argv[i]) {
for (i = 0; i < argc; i++) {
if (os_strcmp(col[i], "password") == 0 && argv[i]) {
- os_free(user->password);
+ bin_clear_free(user->password, user->password_len);
user->password_len = os_strlen(argv[i]);
user->password = (u8 *) os_strdup(argv[i]);
user->next = (void *) 1;
user->password_len = os_strlen(argv[i]);
user->password = (u8 *) os_strdup(argv[i]);
user->next = (void *) 1;
if (len <= user->identity_len &&
os_memcmp(argv[id], user->identity, len) == 0 &&
(user->password == NULL || len > user->password_len)) {
if (len <= user->identity_len &&
os_memcmp(argv[id], user->identity, len) == 0 &&
(user->password == NULL || len > user->password_len)) {
- os_free(user->password);
+ bin_clear_free(user->password, user->password_len);
user->password_len = os_strlen(argv[id]);
user->password = (u8 *) os_strdup(argv[id]);
user->next = (void *) 1;
user->password_len = os_strlen(argv[id]);
user->password = (u8 *) os_strdup(argv[id]);
user->next = (void *) 1;
- os_free(hapd->tmp_eap_user.identity);
- os_free(hapd->tmp_eap_user.password);
+ bin_clear_free(hapd->tmp_eap_user.identity,
+ hapd->tmp_eap_user.identity_len);
+ bin_clear_free(hapd->tmp_eap_user.password,
+ hapd->tmp_eap_user.password_len);
os_memset(&hapd->tmp_eap_user, 0, sizeof(hapd->tmp_eap_user));
hapd->tmp_eap_user.phase2 = phase2;
hapd->tmp_eap_user.identity = os_zalloc(identity_len + 1);
os_memset(&hapd->tmp_eap_user, 0, sizeof(hapd->tmp_eap_user));
hapd->tmp_eap_user.phase2 = phase2;
hapd->tmp_eap_user.identity = os_zalloc(identity_len + 1);
#endif /* CONFIG_INTERWORKING */
#ifdef CONFIG_SQLITE
#endif /* CONFIG_INTERWORKING */
#ifdef CONFIG_SQLITE
- os_free(hapd->tmp_eap_user.identity);
- os_free(hapd->tmp_eap_user.password);
+ bin_clear_free(hapd->tmp_eap_user.identity,
+ hapd->tmp_eap_user.identity_len);
+ bin_clear_free(hapd->tmp_eap_user.password,
+ hapd->tmp_eap_user.password_len);
#endif /* CONFIG_SQLITE */
}
#endif /* CONFIG_SQLITE */
}
os_memset(&tmp, 0, sizeof(tmp));
res = data->get_eap_user(data->conf_ctx, user, user_len, 0, &tmp);
os_memset(&tmp, 0, sizeof(tmp));
res = data->get_eap_user(data->conf_ctx, user, user_len, 0, &tmp);
+ bin_clear_free(tmp.password, tmp.password_len);
if (res != 0) {
RADIUS_DEBUG("User-Name not found from user database");
if (res != 0) {
RADIUS_DEBUG("User-Name not found from user database");
os_strlen(sess->username), 0, &tmp);
if (res || !tmp.macacl || tmp.password == NULL) {
RADIUS_DEBUG("No MAC ACL user entry");
os_strlen(sess->username), 0, &tmp);
if (res || !tmp.macacl || tmp.password == NULL) {
RADIUS_DEBUG("No MAC ACL user entry");
+ bin_clear_free(tmp.password, tmp.password_len);
code = RADIUS_CODE_ACCESS_REJECT;
} else {
u8 buf[128];
code = RADIUS_CODE_ACCESS_REJECT;
} else {
u8 buf[128];
(u8 *) client->shared_secret,
client->shared_secret_len,
buf, sizeof(buf));
(u8 *) client->shared_secret,
client->shared_secret_len,
buf, sizeof(buf));
+ bin_clear_free(tmp.password, tmp.password_len);
if (res < 0 || pw_len != (size_t) res ||
os_memcmp_const(pw, buf, res) != 0) {
if (res < 0 || pw_len != (size_t) res ||
os_memcmp_const(pw, buf, res) != 0) {