EAP-TLS server: Clear temporary buffer during EMSK derivation

Now that EMSK derivation is taken into use with ERP, it is better to
make sure the temporary MSK + EMSK buffer does not get left in heap
after use.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/eap_server/eap_server_tls.c b/src/eap_server/eap_server_tls.c
index 0c9e856d571f75a3d7e5d0339d680d39ba0086dc..58cfe8ac64a027d415df29d9ce0c0f00729f1d5d 100644 (file)
--- a/src/eap_server/eap_server_tls.c
+++ b/src/eap_server/eap_server_tls.c
@@ -287,7 +287,7 @@ static u8 * eap_tls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
                if (emsk)
                        os_memcpy(emsk, eapKeyData + EAP_TLS_KEY_LEN,
                                  EAP_EMSK_LEN);
-               os_free(eapKeyData);
+               bin_clear_free(eapKeyData, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
        } else
                emsk = NULL;