Explicitly clear the temporary stack-based PSK buffer

There is no need to leave this temporary key in stack memory after
having been configured to the WPA state machine.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-12-29 13:10:30 +02:00
parent 658da804e5
commit e886c88e95

View File

@ -1235,6 +1235,7 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)", wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
psk, PMK_LEN); psk, PMK_LEN);
wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL); wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL);
os_memset(psk, 0, sizeof(psk));
} }
#endif /* CONFIG_NO_PBKDF2 */ #endif /* CONFIG_NO_PBKDF2 */
#ifdef CONFIG_EXT_PASSWORD #ifdef CONFIG_EXT_PASSWORD
@ -1271,6 +1272,7 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
"external passphrase)", "external passphrase)",
psk, PMK_LEN); psk, PMK_LEN);
wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL); wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL);
os_memset(psk, 0, sizeof(psk));
} else } else
#endif /* CONFIG_NO_PBKDF2 */ #endif /* CONFIG_NO_PBKDF2 */
if (wpabuf_len(pw) == 2 * PMK_LEN) { if (wpabuf_len(pw) == 2 * PMK_LEN) {
@ -1282,6 +1284,7 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
return -1; return -1;
} }
wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL); wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL);
os_memset(psk, 0, sizeof(psk));
} else { } else {
wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable " wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
"PSK available"); "PSK available");