From: Jouni Malinen <j@w1.fi>
Date: Sun, 30 Nov 2014 23:25:52 +0000 (+0200)
Subject: EAP-TLS server: Clear temporary buffer during EMSK derivation
X-Git-Tag: hostap_2_4~959
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9429bee4cc76d768b529e0e5d80bb77f95fa3de9;p=thirdparty%2Fhostap.git

EAP-TLS server: Clear temporary buffer during EMSK derivation

Now that EMSK derivation is taken into use with ERP, it is better to
make sure the temporary MSK + EMSK buffer does not get left in heap
after use.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/eap_server/eap_server_tls.c b/src/eap_server/eap_server_tls.c
index 0c9e856d5..58cfe8ac6 100644
--- a/src/eap_server/eap_server_tls.c
+++ b/src/eap_server/eap_server_tls.c
@@ -287,7 +287,7 @@ static u8 * eap_tls_get_emsk(struct eap_sm *sm, void *priv, size_t *len)
 		if (emsk)
 			os_memcpy(emsk, eapKeyData + EAP_TLS_KEY_LEN,
 				  EAP_EMSK_LEN);
-		os_free(eapKeyData);
+		bin_clear_free(eapKeyData, EAP_TLS_KEY_LEN + EAP_EMSK_LEN);
 	} else
 		emsk = NULL;