From 56d3d40f30424a399a25ac8a14421cb61102634e Mon Sep 17 00:00:00 2001
From: Andrew Zaborowski
Date: Thu, 26 Apr 2018 11:29:26 +0200
Subject: [PATCH] eap: Wipe passphrase memory in TLS, TTLS, EAP

Wipe the passphrase memory in more places before freeing.
---
 src/eap-peap.c | 4 ++++
 src/eap-tls.c | 2 ++
 src/eap-ttls.c | 4 ++++
 3 files changed, 10 insertions(+)
diff --git a/src/eap-peap.c b/src/eap-peap.c
index 1e249c8e..6a6d24a1 100644
--- a/src/eap-peap.c
+++ b/src/eap-peap.c
@@ -180,6 +180,8 @@ static void eap_peap_free(struct eap_state *eap)
 l_free(peap->ca_cert);
 l_free(peap->client_cert);
 l_free(peap->client_key);
+ if (peap->passphrase)
+ memset(peap->passphrase, 0, strlen(peap->passphrase));
 l_free(peap->passphrase);
 l_free(peap);
@@ -974,6 +976,8 @@ error:
 l_free(peap->ca_cert);
 l_free(peap->client_cert);
 l_free(peap->client_key);
+ if (peap->passphrase)
+ memset(peap->passphrase, 0, strlen(peap->passphrase));
 l_free(peap->passphrase);
 l_free(peap);
diff --git a/src/eap-tls.c b/src/eap-tls.c
index 0ee48828..4a8fe5c1 100644
--- a/src/eap-tls.c
+++ b/src/eap-tls.c
@@ -56,6 +56,8 @@ static void eap_tls_free(struct eap_state *eap)
 l_free(tls->ca_cert);
 l_free(tls->client_cert);
 l_free(tls->client_key);
+ if (tls->passphrase)
+ memset(tls->passphrase, 0, strlen(tls->passphrase));
 l_free(tls->passphrase);
 if (tls->rx_pkt_buf) {
diff --git a/src/eap-ttls.c b/src/eap-ttls.c
index d9c9b5f6..1c7d66fc 100644
--- a/src/eap-ttls.c
+++ b/src/eap-ttls.c
@@ -60,6 +60,8 @@ static void eap_ttls_free(struct eap_state *eap)
 l_free(ttls->ca_cert);
 l_free(ttls->client_cert);
 l_free(ttls->client_key);
+ if (ttls->passphrase)
+ memset(ttls->passphrase, 0, strlen(ttls->passphrase));
 l_free(ttls->passphrase);
 if (ttls->rx_pkt_buf) {
@@ -788,6 +790,8 @@ err:
 l_free(ttls->ca_cert);
 l_free(ttls->client_cert);
 l_free(ttls->client_key);
+ if (ttls->passphrase)
+ memset(ttls->passphrase, 0, strlen(ttls->passphrase));
 l_free(ttls->passphrase);
 l_free(ttls);
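Review bot: The `memset` added in eap_peap_free is an ordinary store to memory that is freed on the very next line, so nothing obliges the compiler to keep it. If l_free is ever inlined or the build uses LTO, the store may be dropped as dead and the passphrase would remain in the freed heap block. A wipe the optimiser must preserve is safer, for example `explicit_bzero(peap->passphrase, strlen(peap->passphrase));` where the libc provides it. The same applies to the identical lines at the `error:` label in src/eap-peap.c, in eap_tls_free, in eap_ttls_free and at the `err:` label in src/eap-ttls.c; all of these function bodies continue outside their hunks.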
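Review bot: The wipe-then-free pair at the `error:` label in src/eap-peap.c repeats by hand what eap_peap_free does, and the patch copies the same two lines into five cleanup paths across three files. Hand-copied cleanup is how a path ends up freeing a secret without wiping it, which is the gap this commit is closing. A small shared helper that zeroes a NUL-terminated secret and then frees it would keep every path consistent, reducing each site to one call such as `eap_wipe_free(peap->passphrase);` (placeholder name; no such helper is visible in this patch). The function that owns the `error:` label starts outside the hunk.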