From 570abd7bfbfb2328bc3237041d93388e9d37617e Mon Sep 17 00:00:00 2001 From: Denis Kenzior Date: Tue, 19 Mar 2019 11:25:22 -0500 Subject: [PATCH] eapol: Convert memsets to explicit_bzero We were wiping out certain secrets via memset. Convert them to explicit_bzero just in case the compiler decides to optimize them out. --- src/eapol.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/eapol.c b/src/eapol.c index 94966e56..9f53bc73 100644 --- a/src/eapol.c +++ b/src/eapol.c @@ -258,7 +258,7 @@ uint8_t *eapol_decrypt_key_data(enum ie_rsn_akm_suite akm, const uint8_t *kek, memcpy(key + 16, kek, 16); ret = arc4_skip(key, 32, 256, key_data, key_data_len, buf); - memset(key, 0, sizeof(key)); + explicit_bzero(key, sizeof(key)); if (!ret) goto error; @@ -795,9 +795,9 @@ static void eapol_sm_destroy(void *value) eapol_frame_watch_remove(sm->watch_id); sm->installed_gtk_len = 0; - memset(sm->installed_gtk, 0, sizeof(sm->installed_gtk)); + explicit_bzero(sm->installed_gtk, sizeof(sm->installed_gtk)); sm->installed_igtk_len = 0; - memset(sm->installed_igtk, 0, sizeof(sm->installed_igtk)); + explicit_bzero(sm->installed_igtk, sizeof(sm->installed_igtk)); l_free(sm);