mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-22 13:02:44 +01:00

eap-gtc: Memzero copies of secrets

The single-use password is apparently sent in plaintext over the network
but at least try to prevent it from staying in the memory until we know
it's been used.
Andrew Zaborowski 2019-03-19 01:25:24 +01:00 committed by Denis Kenzior
parent 5306e37279
commit aa7abb44c5


@ -41,6 +41,9 @@ static void eap_gtc_free(struct eap_state *eap)
eap_set_data(eap, NULL); eap_set_data(eap, NULL);
if (gtc->password)
explicit_bzero(gtc->password, strlen(gtc->password));
l_free(gtc->password); l_free(gtc->password);
l_free(gtc); l_free(gtc);
} }
@ -110,6 +113,7 @@ static int eap_gtc_check_settings(struct l_settings *settings,
password = l_settings_get_string(settings, "Security", password = l_settings_get_string(settings, "Security",
password_key_old); password_key_old);
if (password) { if (password) {
explicit_bzero(password, strlen(password));
l_warn("Setting '%s' is deprecated, use '%s' instead", l_warn("Setting '%s' is deprecated, use '%s' instead",
password_key_old, password_key); password_key_old, password_key);
return 0; return 0;
@ -123,7 +127,8 @@ static int eap_gtc_check_settings(struct l_settings *settings,
eap_append_secret(out_missing, EAP_SECRET_REMOTE_PASSWORD, eap_append_secret(out_missing, EAP_SECRET_REMOTE_PASSWORD,
password_key, NULL, identity, password_key, NULL, identity,
EAP_CACHE_TEMPORARY); EAP_CACHE_TEMPORARY);
} } else
explicit_bzero(password, strlen(password));
return 0; return 0;
} }
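Review bot: The two wipes added in eap_gtc_check_settings clear only the buffer returned by l_settings_get_string(), which appears to be a separately allocated copy, so the value held inside `settings` is presumably still in memory afterwards; a comment such as `/* Wipes our copy only; the l_settings object still holds the value */` above the first wipe would state that limit. In the last hunk the wipe hangs off an unbraced `else` after a braced `if` body; the condition is outside the hunk, but if it tests `!password`, a statement later added next to the wipe could run `strlen()` on NULL, so I would write `} else {`, `explicit_bzero(password, strlen(password));`, `}`. The expression `explicit_bzero(p, strlen(p))` now appears three times, including in eap_gtc_free, and could become one small static helper that accepts NULL. Both functions begin outside the visible hunks, so return paths between the lookups and the wipes could not be checked here.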