Kernel/iwd
3
0
Fork 0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-19 02:39:29 +01:00
Code Releases Activity

network: Clear psk and passphrase copies before freeing

Browse Source
This commit is contained in:
Andrew Zaborowski 2019-03-22 19:44:17 +01:00 committed by Denis Kenzior
parent 05d556d493
commit 3ca8a18b4e
1 changed files with 31 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
src/network.c
View File

@ -78,16 +78,32 @@ static bool network_settings_load(struct network *network)
return network->settings != NULL; return network->settings != NULL;
} }
static void network_reset_psk(struct network *network)
{
if (network->psk)
explicit_bzero(network->psk, 32);
l_free(network->psk);
network->psk = NULL;
}
static void network_reset_passphrase(struct network *network)
{
if (network->passphrase)
explicit_bzero(network->passphrase,
strlen(network->passphrase));
l_free(network->passphrase);
network->passphrase = NULL;
}
static void network_settings_close(struct network *network) static void network_settings_close(struct network *network)
{ {
if (!network->settings) if (!network->settings)
return; return;
l_free(network->psk); network_reset_psk(network);
network->psk = NULL; network_reset_passphrase(network);
l_free(network->passphrase);
network->passphrase = NULL;
l_settings_free(network->settings); l_settings_free(network->settings);
network->settings = NULL; network->settings = NULL;
@ -340,7 +356,7 @@ bool network_set_psk(struct network *network, const uint8_t *psk)
if (!network_settings_load(network)) if (!network_settings_load(network))
return false; return false;
l_free(network->psk); network_reset_psk(network);
network->psk = l_memdup(psk, 32); network->psk = l_memdup(psk, 32);
return true; return true;
} }
@ -418,9 +434,9 @@ static int network_load_psk(struct network *network, bool need_passphrase)
if ((!psk || need_passphrase) && !passphrase) if ((!psk || need_passphrase) && !passphrase)
return -ENOKEY; return -ENOKEY;
l_free(network->passphrase); network_reset_passphrase(network);
network_reset_psk(network);
network->passphrase = passphrase; network->passphrase = passphrase;
l_free(network->psk);
if (psk) { if (psk) {
char *path; char *path;
@ -429,14 +445,14 @@ static int network_load_psk(struct network *network, bool need_passphrase)
if (network->psk && len == 32) if (network->psk && len == 32)
return 0; return 0;
network_reset_psk(network);
path = storage_get_network_file_path(info->type, info->ssid); path = storage_get_network_file_path(info->type, info->ssid);
l_error("%s: invalid PreSharedKey format", path); l_error("%s: invalid PreSharedKey format", path);
l_free(path); l_free(path);
if (!passphrase) if (!passphrase)
goto reset_psk; return -EINVAL;
l_free(network->psk);
} }
network->psk = l_malloc(32); network->psk = l_malloc(32);
@ -454,11 +470,8 @@ static int network_load_psk(struct network *network, bool need_passphrase)
"Ensure Crypto Engine is properly configured", "Ensure Crypto Engine is properly configured",
strerror(-r)); strerror(-r));
l_free(network->passphrase); network_reset_passphrase(network);
network->passphrase = NULL; network_reset_psk(network);
reset_psk:
l_free(network->psk);
network->psk = NULL;
return -EINVAL; return -EINVAL;
} }
@ -744,7 +757,7 @@ static void passphrase_callback(enum agent_result result,
goto err; goto err;
} }
l_free(network->psk); network_reset_psk(network);
network->psk = l_malloc(32); network->psk = l_malloc(32);
r = crypto_psk_from_passphrase(passphrase, r = crypto_psk_from_passphrase(passphrase,
(uint8_t *) network->info->ssid, (uint8_t *) network->info->ssid,
@ -769,7 +782,7 @@ static void passphrase_callback(enum agent_result result,
goto err; goto err;
} }
l_free(network->passphrase); network_reset_passphrase(network);
network->passphrase = l_strdup(passphrase); network->passphrase = l_strdup(passphrase);
/* /*