Clear allocated debug message buffers explicitly

When hostapd or wpa_supplicant is run in debug more with key material prints allowed (-K on the command line), it is possible for passwords and keying material to show up in debug prints. Since some of the debug cases end up allocating a temporary buffer from the heap for processing purposes, a copy of such password may remain in heap. Clear these temporary buffers explicitly to avoid causing issues for hwsim test cases that verify contents of memory against unexpected keys. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2025-01-18 02:44:03 -05:00 · 2015-06-17 16:30:34 +03:00 · 2015-06-17 16:30:34 +03:00 · b4c0f58452
commit b4c0f58452
parent 14fd03312c
3 changed files with 10 additions and 8 deletions
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
@ -893,6 +893,7 @@ endif

 OBJS_c = hostapd_cli.c src/common/wpa_ctrl.c src/utils/os_$(CONFIG_OS).c
 OBJS_c += src/utils/eloop.c
+OBJS_c += src/utils/common.c
 ifdef CONFIG_WPA_TRACE
 OBJS_c += src/utils/trace.c
 endif
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@ -108,6 +108,7 @@ LIBS_n += -lrt
 endif

 OBJS += ../src/utils/common.o
+OBJS_c += ../src/utils/common.o
 OBJS += ../src/utils/wpa_debug.o
 OBJS_c += ../src/utils/wpa_debug.o
 OBJS += ../src/utils/wpabuf.o
--- a/src/utils/wpa_debug.c
+++ b/src/utils/wpa_debug.c
@ -307,7 +307,7 @@ static void _wpa_hexdump(int level, const char *title, const u8 *buf,
 				    "%s - hexdump(len=%lu):%s%s",
 				    title, (long unsigned int) len, display,
 				    len > slen ? " ..." : "");
-		os_free(strbuf);
+		bin_clear_free(strbuf, 1 + 3 * slen);
 		return;
 	}
 #else /* CONFIG_ANDROID_LOG */
@ -339,7 +339,7 @@ static void _wpa_hexdump(int level, const char *title, const u8 *buf,

 		syslog(syslog_priority(level), "%s - hexdump(len=%lu):%s",
 		       title, (unsigned long) len, display);
-		os_free(strbuf);
+		bin_clear_free(strbuf, 1 + 3 * len);
 		return;
 	}
 #endif /* CONFIG_DEBUG_SYSLOG */
@ -636,7 +636,7 @@ void wpa_msg(void *ctx, int level, const char *fmt, ...)
 	wpa_printf(level, "%s%s", prefix, buf);
 	if (wpa_msg_cb)
 		wpa_msg_cb(ctx, level, WPA_MSG_PER_INTERFACE, buf, len);
-	os_free(buf);
+	bin_clear_free(buf, buflen);
 }


@ -664,7 +664,7 @@ void wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...)
 	len = vsnprintf(buf, buflen, fmt, ap);
 	va_end(ap);
 	wpa_msg_cb(ctx, level, WPA_MSG_PER_INTERFACE, buf, len);
-	os_free(buf);
+	bin_clear_free(buf, buflen);
 }


@ -691,7 +691,7 @@ void wpa_msg_global(void *ctx, int level, const char *fmt, ...)
 	wpa_printf(level, "%s", buf);
 	if (wpa_msg_cb)
 		wpa_msg_cb(ctx, level, WPA_MSG_GLOBAL, buf, len);
-	os_free(buf);
+	bin_clear_free(buf, buflen);
 }


@ -719,7 +719,7 @@ void wpa_msg_global_ctrl(void *ctx, int level, const char *fmt, ...)
 	len = vsnprintf(buf, buflen, fmt, ap);
 	va_end(ap);
 	wpa_msg_cb(ctx, level, WPA_MSG_GLOBAL, buf, len);
-	os_free(buf);
+	bin_clear_free(buf, buflen);
 }


@ -746,7 +746,7 @@ void wpa_msg_no_global(void *ctx, int level, const char *fmt, ...)
 	wpa_printf(level, "%s", buf);
 	if (wpa_msg_cb)
 		wpa_msg_cb(ctx, level, WPA_MSG_NO_GLOBAL, buf, len);
-	os_free(buf);
+	bin_clear_free(buf, buflen);
 }

 #endif /* CONFIG_NO_WPA_MSG */
@ -789,6 +789,6 @@ void hostapd_logger(void *ctx, const u8 *addr, unsigned int module, int level,
 			   MAC2STR(addr), buf);
 	else
 		wpa_printf(MSG_DEBUG, "hostapd_logger: %s", buf);
-	os_free(buf);
+	bin_clear_free(buf, buflen);
 }
 #endif /* CONFIG_NO_HOSTAPD_LOGGER */