From 18389abcca13e32b1eaf1d252a54f22bb1a1bea7 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 2 Jul 2014 01:46:45 +0300 Subject: [PATCH] WPS: Clear keys/PINs explicitly Use an explicit memset call to clear any configuration parameter and dynamic data that contains private information like keys or identity. This brings in an additional layer of protection by reducing the length of time this type of private data is kept in memory. Signed-off-by: Jouni Malinen --- src/wps/wps.c | 13 +++++++------ src/wps/wps_enrollee.c | 2 +- src/wps/wps_registrar.c | 6 +++--- 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/src/wps/wps.c b/src/wps/wps.c index 648cfd10f..b0f6887ce 100644 --- a/src/wps/wps.c +++ b/src/wps/wps.c @@ -89,7 +89,7 @@ struct wps_data * wps_init(const struct wps_config *cfg) if (cfg->pbc) { /* Use special PIN '00000000' for PBC */ data->dev_pw_id = DEV_PW_PUSHBUTTON; - os_free(data->dev_password); + bin_clear_free(data->dev_password, data->dev_password_len); data->dev_password = (u8 *) os_strdup("00000000"); if (data->dev_password == NULL) { os_free(data); @@ -122,7 +122,8 @@ struct wps_data * wps_init(const struct wps_config *cfg) data->new_ap_settings = os_malloc(sizeof(*data->new_ap_settings)); if (data->new_ap_settings == NULL) { - os_free(data->dev_password); + bin_clear_free(data->dev_password, + data->dev_password_len); os_free(data); return NULL; } 
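Review bot: Every `bin_clear_free()` call added in this patch, starting with the one in the PBC branch of wps_init and the error path in the `@@ -122` hunk, depends on the helper's clearing write actually being emitted, and the helper's body is not part of this diff. The commit message describes it as an explicit memset; a memset immediately followed by a free of the same buffer is a dead store that an optimizing compiler may remove, so it is worth confirming that the helper clears through something the compiler cannot elide (a volatile function pointer, or a platform primitive such as `explicit_bzero`). These calls also make `dev_password_len` memory-safety relevant: a length larger than the allocation now writes out of bounds, where `os_free()` ignored the length. wps_init starts and ends outside both hunks, so where the pointer and its length are assigned cannot be checked from here.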
@@ -173,11 +174,11 @@ void wps_deinit(struct wps_data *data) wpabuf_free(data->dh_pubkey_e); wpabuf_free(data->dh_pubkey_r); wpabuf_free(data->last_msg); - os_free(data->dev_password); - os_free(data->alt_dev_password); - os_free(data->new_psk); + bin_clear_free(data->dev_password, data->dev_password_len); + bin_clear_free(data->alt_dev_password, data->alt_dev_password_len); + bin_clear_free(data->new_psk, data->new_psk_len); wps_device_data_free(&data->peer_dev); - os_free(data->new_ap_settings); + bin_clear_free(data->new_ap_settings, sizeof(*data->new_ap_settings)); dh5_free(data->dh_ctx); os_free(data); } diff --git a/src/wps/wps_enrollee.c b/src/wps/wps_enrollee.c index b0b10ba8d..f7d41b4de 100644 --- a/src/wps/wps_enrollee.c +++ b/src/wps/wps_enrollee.c @@ -892,7 +892,7 @@ static int wps_process_dev_pw_id(struct wps_data *wps, const u8 *dev_pw_id) if (wps->alt_dev_password && wps->alt_dev_pw_id == id) { wpa_printf(MSG_DEBUG, "WPS: Found a matching Device Password"); - os_free(wps->dev_password); + bin_clear_free(wps->dev_password, wps->dev_password_len); wps->dev_pw_id = wps->alt_dev_pw_id; wps->dev_password = wps->alt_dev_password; wps->dev_password_len = wps->alt_dev_password_len; diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c index a3d0df762..00c8299ac 100644 --- a/src/wps/wps_registrar.c +++ b/src/wps/wps_registrar.c @@ -42,7 +42,7 @@ struct wps_nfc_pw_token { static void wps_remove_nfc_pw_token(struct wps_nfc_pw_token *token) { dl_list_del(&token->list); - os_free(token); + bin_clear_free(token, sizeof(*token)); } @@ -91,7 +91,7 @@ struct wps_uuid_pin { static void wps_free_pin(struct wps_uuid_pin *pin) { - os_free(pin->pin); + bin_clear_free(pin->pin, pin->pin_len); os_free(pin); } @@ -1343,7 +1343,7 @@ static int wps_get_dev_password(struct wps_data *wps) const u8 *pin; size_t pin_len = 0; - os_free(wps->dev_password); + bin_clear_free(wps->dev_password, wps->dev_password_len); wps->dev_password = NULL; if (wps->pbc) {
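Review bot: The final `os_free(data)` in wps_deinit still releases the session structure without clearing it, although this same patch clears a whole structure in wps_remove_nfc_pw_token with `bin_clear_free(token, sizeof(*token))`. The definition of struct wps_data is not in this diff, so whether it holds derived keys or nonces inline is an assumption to confirm; if it does, `bin_clear_free(data, sizeof(*data));` would cover them. The `wpabuf_free()` calls in the context lines also free their buffers uncleared, which matters only if any of those buffers carries private material. wps_deinit begins outside the hunk.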
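Review bot: In the wps_get_dev_password hunk, the added `bin_clear_free(wps->dev_password, wps->dev_password_len);` is followed by a reset of the pointer to NULL, but `wps->dev_password_len` keeps its old value in the visible lines. Since the length now bounds the clearing write, pointer and length should change together; adding `wps->dev_password_len = 0;` next to `wps->dev_password = NULL;` keeps an early return from leaving a stale length behind. The rest of the function lies outside the hunk, so the length may be reassigned further down.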