EAP server: Clear keying material on deinit

author Jouni Malinen <j@w1.fi>

Sun, 29 Jun 2014 22:48:41 +0000 (01:48 +0300)

committer Jouni Malinen <j@w1.fi>

Wed, 2 Jul 2014 09:38:48 +0000 (12:38 +0300)
author Jouni Malinen <j@w1.fi>
Sun, 29 Jun 2014 22:48:41 +0000 (01:48 +0300)
committer Jouni Malinen <j@w1.fi>
Wed, 2 Jul 2014 09:38:48 +0000 (12:38 +0300)
diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c

index 65d00ddaf8e22a50ebd70529e4752e24b220fb7a..c1bb6b83b713e82ff0bcbe225fc0d54691e08a8f 100644 (file)
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@@ -168,7 +168,7 @@ SM_STATE(EAP, INITIALIZE)
         sm->eap_if.eapSuccess = FALSE;
         sm->eap_if.eapFail = FALSE;
         sm->eap_if.eapTimeout = FALSE;
-       os_free(sm->eap_if.eapKeyData);
+       bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
         sm->eap_if.eapKeyData = NULL;
         sm->eap_if.eapKeyDataLen = 0;
         sm->eap_if.eapKeyAvailable = FALSE;
@@ -346,7 +346,7 @@ SM_STATE(EAP, METHOD_RESPONSE)
         sm->m->process(sm, sm->eap_method_priv, sm->eap_if.eapRespData);
         if (sm->m->isDone(sm, sm->eap_method_priv)) {
                 eap_sm_Policy_update(sm, NULL, 0);
-               os_free(sm->eap_if.eapKeyData);
+               bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
                 if (sm->m->getKey) {
                         sm->eap_if.eapKeyData = sm->m->getKey(
                                 sm, sm->eap_method_priv,
@@ -632,7 +632,7 @@ SM_STATE(EAP, SUCCESS2)
         if (sm->eap_if.aaaEapKeyAvailable) {
                 EAP_COPY(&sm->eap_if.eapKeyData, sm->eap_if.aaaEapKeyData);
         } else {
-               os_free(sm->eap_if.eapKeyData);
+               bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
                 sm->eap_if.eapKeyData = NULL;
                 sm->eap_if.eapKeyDataLen = 0;
         }
@@ -1260,7 +1260,7 @@ static void eap_user_free(struct eap_user *user)
  {
         if (user == NULL)
                 return;
-       os_free(user->password);
+       bin_clear_free(user->password, user->password_len);
         user->password = NULL;
         os_free(user);
  }
@@ -1352,7 +1352,7 @@ void eap_server_sm_deinit(struct eap_sm *sm)
         if (sm->m && sm->eap_method_priv)
                 sm->m->reset(sm, sm->eap_method_priv);
         wpabuf_free(sm->eap_if.eapReqData);
-       os_free(sm->eap_if.eapKeyData);
+       bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
         wpabuf_free(sm->lastReqData);
         wpabuf_free(sm->eap_if.eapRespData);
         os_free(sm->identity);
@@ -1361,7 +1361,7 @@ void eap_server_sm_deinit(struct eap_sm *sm)
         os_free(sm->eap_fast_a_id_info);
         wpabuf_free(sm->eap_if.aaaEapReqData);
         wpabuf_free(sm->eap_if.aaaEapRespData);
-       os_free(sm->eap_if.aaaEapKeyData);
+       bin_clear_free(sm->eap_if.aaaEapKeyData, sm->eap_if.aaaEapKeyDataLen);
         eap_user_free(sm->user);
         wpabuf_free(sm->assoc_wps_ie);
         wpabuf_free(sm->assoc_p2p_ie);
diff --git a/src/eap_server/eap_server_aka.c b/src/eap_server/eap_server_aka.c

index 1907f2007e0b2e8cd4b8eb6f75ff6e86cecf85c8..09b976e64a6a095397961d5541d92d5ff4e20780 100644 (file)
--- a/src/eap_server/eap_server_aka.c
+++ b/src/eap_server/eap_server_aka.c
@@ -241,7 +241,7 @@ static void eap_aka_reset(struct eap_sm *sm, void *priv)
         os_free(data->next_reauth_id);
         wpabuf_free(data->id_msgs);
         os_free(data->network_name);
-       os_free(data);
+       bin_clear_free(data, sizeof(*data));
  }
  
  
diff --git a/src/eap_server/eap_server_eke.c b/src/eap_server/eap_server_eke.c

index 47ce2464aa88c6bbef0d6c5c8abac3382ca4cb77..966f511ddddca280be2ef2aa0200ec6789ed1ff2 100644 (file)
--- a/src/eap_server/eap_server_eke.c
+++ b/src/eap_server/eap_server_eke.c
@@ -104,7 +104,7 @@ static void eap_eke_reset(struct eap_sm *sm, void *priv)
         eap_eke_session_clean(&data->sess);
         os_free(data->peerid);
         wpabuf_free(data->msgs);
-       os_free(data);
+       bin_clear_free(data, sizeof(*data));
  }
  
  
diff --git a/src/eap_server/eap_server_fast.c b/src/eap_server/eap_server_fast.c

index 06dcf7429a8d91c701aca4a238cc6b9d1d07adec..102451014e4e78addd31d14ad21e65f3a04e063c 100644 (file)
--- a/src/eap_server/eap_server_fast.c
+++ b/src/eap_server/eap_server_fast.c
@@ -511,7 +511,7 @@ static void eap_fast_reset(struct eap_sm *sm, void *priv)
         os_free(data->key_block_p);
         wpabuf_free(data->pending_phase2_resp);
         os_free(data->identity);
-       os_free(data);
+       bin_clear_free(data, sizeof(*data));
  }
  
  
diff --git a/src/eap_server/eap_server_gpsk.c b/src/eap_server/eap_server_gpsk.c

index 7618f7c376cdc611f5ce29e13d48ce840e5fba53..cb369e449df40163f19f75fd563340d940ca07e5 100644 (file)
--- a/src/eap_server/eap_server_gpsk.c
+++ b/src/eap_server/eap_server_gpsk.c
@@ -95,7 +95,7 @@ static void eap_gpsk_reset(struct eap_sm *sm, void *priv)
  {
         struct eap_gpsk_data *data = priv;
         os_free(data->id_peer);
-       os_free(data);
+       bin_clear_free(data, sizeof(*data));
  }
  
  
diff --git a/src/eap_server/eap_server_ikev2.c b/src/eap_server/eap_server_ikev2.c

index 3e32cc90c6f481bf8c748200ba0a104adb1e8b20..65b2ef699dda3713de214ccaddc698759c110d84 100644 (file)
--- a/src/eap_server/eap_server_ikev2.c
+++ b/src/eap_server/eap_server_ikev2.c
@@ -127,7 +127,7 @@ static void eap_ikev2_reset(struct eap_sm *sm, void *priv)
         wpabuf_free(data->in_buf);
         wpabuf_free(data->out_buf);
         ikev2_initiator_deinit(&data->ikev2);
-       os_free(data);
+       bin_clear_free(data, sizeof(*data));
  }
  
  
diff --git a/src/eap_server/eap_server_mschapv2.c b/src/eap_server/eap_server_mschapv2.c

index 68e6394c51f063037f24abacfd2a02857bbc5cd6..f7a753defa1dab6d55b7d4ead03a9c355651c446 100644 (file)
--- a/src/eap_server/eap_server_mschapv2.c
+++ b/src/eap_server/eap_server_mschapv2.c
@@ -91,7 +91,7 @@ static void eap_mschapv2_reset(struct eap_sm *sm, void *priv)
                 return;
  
         os_free(data->peer_challenge);
-       os_free(data);
+       bin_clear_free(data, sizeof(*data));
  }
  
  
diff --git a/src/eap_server/eap_server_pax.c b/src/eap_server/eap_server_pax.c

index d923cd7311686b8c3d8c1df14f2441a03596239a..c87848c4c4f0e2627669a24f4e7e10ff81177ecf 100644 (file)
--- a/src/eap_server/eap_server_pax.c
+++ b/src/eap_server/eap_server_pax.c
@@ -64,7 +64,7 @@ static void eap_pax_reset(struct eap_sm *sm, void *priv)
  {
         struct eap_pax_data *data = priv;
         os_free(data->cid);
-       os_free(data);
+       bin_clear_free(data, sizeof(*data));
  }
  
  
diff --git a/src/eap_server/eap_server_peap.c b/src/eap_server/eap_server_peap.c

index 55dee88a4bbf4ced59fff5403185c64ad3b0254f..594e02dd48c98150b192eeded2f4731b582e6005 100644 (file)
--- a/src/eap_server/eap_server_peap.c
+++ b/src/eap_server/eap_server_peap.c
@@ -172,7 +172,7 @@ static void eap_peap_reset(struct eap_sm *sm, void *priv)
         wpabuf_free(data->pending_phase2_resp);
         os_free(data->phase2_key);
         wpabuf_free(data->soh_response);
-       os_free(data);
+       bin_clear_free(data, sizeof(*data));
  }
  
  
diff --git a/src/eap_server/eap_server_psk.c b/src/eap_server/eap_server_psk.c

index 2cff49368a82018241580d2d69aa2a23d0dc59f8..db394e983ed6fb3eb34a75c5c757df130dd945f1 100644 (file)
--- a/src/eap_server/eap_server_psk.c
+++ b/src/eap_server/eap_server_psk.c
@@ -47,7 +47,7 @@ static void eap_psk_reset(struct eap_sm *sm, void *priv)
  {
         struct eap_psk_data *data = priv;
         os_free(data->id_p);
-       os_free(data);
+       bin_clear_free(data, sizeof(*data));
  }
  
  
diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c

index 846ac1f819bbcdc69a34848c5b20f4e9a98b0f91..9154ab17b57079678951b2475e594c95fa4f3cf5 100644 (file)
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -116,7 +116,7 @@ static void * eap_pwd_init(struct eap_sm *sm)
         data->bnctx = BN_CTX_new();
         if (data->bnctx == NULL) {
                 wpa_printf(MSG_INFO, "EAP-PWD: bn context allocation fail");
-               os_free(data->password);
+               bin_clear_free(data->password, data->password_len);
                 os_free(data->id_server);
                 os_free(data);
                 return NULL;
@@ -144,7 +144,7 @@ static void eap_pwd_reset(struct eap_sm *sm, void *priv)
         EC_POINT_free(data->peer_element);
         os_free(data->id_peer);
         os_free(data->id_server);
-       os_free(data->password);
+       bin_clear_free(data->password, data->password_len);
         if (data->grp) {
                 EC_GROUP_free(data->grp->group);
                 EC_POINT_free(data->grp->pwe);
@@ -154,7 +154,7 @@ static void eap_pwd_reset(struct eap_sm *sm, void *priv)
         }
         wpabuf_free(data->inbuf);
         wpabuf_free(data->outbuf);
-       os_free(data);
+       bin_clear_free(data, sizeof(*data));
  }
  
  
diff --git a/src/eap_server/eap_server_sake.c b/src/eap_server/eap_server_sake.c

index b363ccf41dbd9a8bef5db360586f3bb1aa4f9cd1..1937621c9ce44835b357a772f2a434614b7ff6fa 100644 (file)
--- a/src/eap_server/eap_server_sake.c
+++ b/src/eap_server/eap_server_sake.c
@@ -83,7 +83,7 @@ static void eap_sake_reset(struct eap_sm *sm, void *priv)
  {
         struct eap_sake_data *data = priv;
         os_free(data->peerid);
-       os_free(data);
+       bin_clear_free(data, sizeof(*data));
  }
  
  
diff --git a/src/eap_server/eap_server_sim.c b/src/eap_server/eap_server_sim.c

index cd87a8bed53cbe2a346c3fb668297c4bb91bded2..23ee2b60e358050c60b98407857a521847cd3b2c 100644 (file)
--- a/src/eap_server/eap_server_sim.c
+++ b/src/eap_server/eap_server_sim.c
@@ -94,7 +94,7 @@ static void eap_sim_reset(struct eap_sm *sm, void *priv)
         struct eap_sim_data *data = priv;
         os_free(data->next_pseudonym);
         os_free(data->next_reauth_id);
-       os_free(data);
+       bin_clear_free(data, sizeof(*data));
  }
  
  
diff --git a/src/eap_server/eap_server_ttls.c b/src/eap_server/eap_server_ttls.c

index 401e9830a9754e87c0b11b4e304d0b2e8e0f915b..31e3871dea4d369f180f2aee8c0b8fe9ef8484ec 100644 (file)
--- a/src/eap_server/eap_server_ttls.c
+++ b/src/eap_server/eap_server_ttls.c
@@ -336,7 +336,7 @@ static void eap_ttls_reset(struct eap_sm *sm, void *priv)
                 data->phase2_method->reset(sm, data->phase2_priv);
         eap_server_tls_ssl_deinit(sm, &data->ssl);
         wpabuf_free(data->pending_phase2_eap_resp);
-       os_free(data);
+       bin_clear_free(data, sizeof(*data));
  }
author	Jouni Malinen <j@w1.fi>
	Sun, 29 Jun 2014 22:48:41 +0000 (01:48 +0300)
committer	Jouni Malinen <j@w1.fi>
	Wed, 2 Jul 2014 09:38:48 +0000 (12:38 +0300)
src/eap_server/eap_server.c		patch \| blob \| blame \| history
src/eap_server/eap_server_aka.c		patch \| blob \| blame \| history
src/eap_server/eap_server_eke.c		patch \| blob \| blame \| history
src/eap_server/eap_server_fast.c		patch \| blob \| blame \| history
src/eap_server/eap_server_gpsk.c		patch \| blob \| blame \| history
src/eap_server/eap_server_ikev2.c		patch \| blob \| blame \| history
src/eap_server/eap_server_mschapv2.c		patch \| blob \| blame \| history
src/eap_server/eap_server_pax.c		patch \| blob \| blame \| history
src/eap_server/eap_server_peap.c		patch \| blob \| blame \| history
src/eap_server/eap_server_psk.c		patch \| blob \| blame \| history
src/eap_server/eap_server_pwd.c		patch \| blob \| blame \| history
src/eap_server/eap_server_sake.c		patch \| blob \| blame \| history
src/eap_server/eap_server_sim.c		patch \| blob \| blame \| history
src/eap_server/eap_server_ttls.c		patch \| blob \| blame \| history