mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-22 21:22:37 +01:00
eap-gtc: Memzero copies of secrets
The single-use password is apparently sent in plaintext over the network but at least try to prevent it from staying in the memory until we know it's been used.
This commit is contained in:
parent
5306e37279
commit
aa7abb44c5
@ -41,6 +41,9 @@ static void eap_gtc_free(struct eap_state *eap)
|
|||||||
|
|
||||||
eap_set_data(eap, NULL);
|
eap_set_data(eap, NULL);
|
||||||
|
|
||||||
|
if (gtc->password)
|
||||||
|
explicit_bzero(gtc->password, strlen(gtc->password));
|
||||||
|
|
||||||
l_free(gtc->password);
|
l_free(gtc->password);
|
||||||
l_free(gtc);
|
l_free(gtc);
|
||||||
}
|
}
|
||||||
@ -110,6 +113,7 @@ static int eap_gtc_check_settings(struct l_settings *settings,
|
|||||||
password = l_settings_get_string(settings, "Security",
|
password = l_settings_get_string(settings, "Security",
|
||||||
password_key_old);
|
password_key_old);
|
||||||
if (password) {
|
if (password) {
|
||||||
|
explicit_bzero(password, strlen(password));
|
||||||
l_warn("Setting '%s' is deprecated, use '%s' instead",
|
l_warn("Setting '%s' is deprecated, use '%s' instead",
|
||||||
password_key_old, password_key);
|
password_key_old, password_key);
|
||||||
return 0;
|
return 0;
|
||||||
@ -123,7 +127,8 @@ static int eap_gtc_check_settings(struct l_settings *settings,
|
|||||||
eap_append_secret(out_missing, EAP_SECRET_REMOTE_PASSWORD,
|
eap_append_secret(out_missing, EAP_SECRET_REMOTE_PASSWORD,
|
||||||
password_key, NULL, identity,
|
password_key, NULL, identity,
|
||||||
EAP_CACHE_TEMPORARY);
|
EAP_CACHE_TEMPORARY);
|
||||||
}
|
} else
|
||||||
|
explicit_bzero(password, strlen(password));
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user