WPA auth: Clear temporary MSK storage from stack explicitly

This reduces the duration of time a key may remain unnecessarily in
memory.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 1905dc9..f13f141 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1882,6 +1882,7 @@ SM_STATE(WPA_PTK, INITPMK)
                wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p",
                           sm->wpa_auth->cb.get_msk);
        }
+       os_memset(msk, 0, sizeof(msk));
 
        sm->req_replay_counter_used = 0;
        /* IEEE 802.11i does not set keyRun to FALSE, but not doing this