3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-21 20:12:37 +01:00

eap-ttls: Memzero copies of secrets

The AVP buffers are cleared because some plaintext secrets get written
into them.
This commit is contained in:
Andrew Zaborowski 2019-03-19 01:25:23 +01:00 committed by Denis Kenzior
parent 14572c0f1a
commit 2133e8a9fc

View File

@ -155,6 +155,7 @@ static uint8_t *avp_builder_free(struct avp_builder *builder, bool free_data,
uint8_t *ret;
if (free_data) {
explicit_bzero(builder->buf, builder->pos);
l_free(builder->buf);
builder->buf = NULL;
}
@ -514,10 +515,12 @@ static bool eap_ttls_phase2_chap_init(struct eap_state *eap)
build_avp_user_name(builder, credentials->username);
build_avp_chap_challenge(builder, challenge);
build_avp_chap_password(builder, &ident, password_hash);
explicit_bzero(password_hash, sizeof(password_hash));
data = avp_builder_free(builder, false, &data_len);
eap_tls_common_tunnel_send(eap, data, data_len);
explicit_bzero(data, data_len);
l_free(data);
return true;
@ -556,10 +559,12 @@ static bool eap_ttls_phase2_ms_chap_init(struct eap_state *eap)
mschap_nt_password_hash(credentials->password, password_hash);
build_avp_ms_chap_response(builder, &ident, challenge, password_hash);
explicit_bzero(password_hash, sizeof(password_hash));
data = avp_builder_free(builder, false, &data_len);
eap_tls_common_tunnel_send(eap, data, data_len);
explicit_bzero(data, data_len);
l_free(data);
return true;
@ -664,6 +669,7 @@ static bool eap_ttls_phase2_mschapv2_handle_success(struct eap_state *eap,
uint8_t nt_response[MSCHAPV2_RESPONSE_LEN];
char nt_server_response[MSCHAPV2_SERVER_RESPONSE_LEN];
uint8_t password_hash_hash[16];
bool r;
if (len != CHAP_IDENT_LEN + MSCHAPV2_SERVER_RESPONSE_LEN) {
l_error("TTLS Tunneled MSCHAPv2: Server response has invalid "
@ -688,12 +694,15 @@ static bool eap_ttls_phase2_mschapv2_handle_success(struct eap_state *eap,
goto error;
}
if (!mschapv2_generate_authenticator_response(
r = mschapv2_generate_authenticator_response(
password_hash_hash, nt_response,
mschapv2_state->peer_challenge,
mschapv2_state->server_challenge,
credentials->username,
nt_server_response)) {
nt_server_response);
explicit_bzero(password_hash_hash, sizeof(password_hash_hash));
if (!r) {
l_error("TTLS Tunneled-MSCHAPv2: Failed to generate server "
"response.");
goto error;
@ -767,6 +776,7 @@ static bool eap_ttls_phase2_pap_init(struct eap_state *eap)
buf = avp_builder_free(builder, false, &buf_len);
eap_tls_common_tunnel_send(eap, buf, buf_len);
explicit_bzero(buf, buf_len);
l_free(buf);
return true;
@ -909,6 +919,7 @@ static bool eap_ttls_tunnel_ready(struct eap_state *eap,
msk_emsk, 128);
eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, NULL, 0);
explicit_bzero(msk_emsk, sizeof(msk_emsk));
if (phase2->ops->init)
return phase2->ops->init(eap);
@ -1014,7 +1025,8 @@ static int eap_ttls_check_tunneled_auth_settings(struct l_settings *settings,
password_key, NULL, identity,
EAP_CACHE_TEMPORARY);
}
}
} else
explicit_bzero(password, strlen(password));
return 0;
}