WPS: Clear keys/PINs explicitly
authorJouni Malinen <j@w1.fi>
Tue, 1 Jul 2014 22:46:45 +0000 (01:46 +0300)
committerJouni Malinen <j@w1.fi>
Wed, 2 Jul 2014 09:52:08 +0000 (12:52 +0300)
Use an explicit memset call to clear any configuration parameter and
dynamic data that contains private information like keys or identity.
This brings in an additional layer of protection by reducing the length
of time this type of private data is kept in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/wps/wps.c
src/wps/wps_enrollee.c
src/wps/wps_registrar.c

index 648cfd10f60885e835e3683debbc2ad93710b466..b0f6887ce63e3b54bce3b9a1dea97e545593c846 100644 (file)
@@ -89,7 +89,7 @@ struct wps_data * wps_init(const struct wps_config *cfg)
        if (cfg->pbc) {
                /* Use special PIN '00000000' for PBC */
                data->dev_pw_id = DEV_PW_PUSHBUTTON;
-               os_free(data->dev_password);
+               bin_clear_free(data->dev_password, data->dev_password_len);
                data->dev_password = (u8 *) os_strdup("00000000");
                if (data->dev_password == NULL) {
                        os_free(data);
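Review bot: The clearing at `bin_clear_free(data->dev_password, data->dev_password_len);` is only as strong as the helper behind it, and the helper's body is not part of this patch view. The description speaks of an explicit memset; a plain memset immediately followed by a free is a dead store that an optimizing compiler is allowed to drop, so the helper should clear through a volatile pointer or a primitive such as `explicit_bzero()` where the platform has one. I would document that requirement on the helper, e.g. `/* the clear must survive optimization: not a plain memset before free */`. The same applies to every bin_clear_free() call in the other hunks of wps.c, wps_enrollee.c and wps_registrar.c. wps_init continues outside this hunk.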
@@ -122,7 +122,8 @@ struct wps_data * wps_init(const struct wps_config *cfg)
                data->new_ap_settings =
                        os_malloc(sizeof(*data->new_ap_settings));
                if (data->new_ap_settings == NULL) {
-                       os_free(data->dev_password);
+                       bin_clear_free(data->dev_password,
+                                      data->dev_password_len);
                        os_free(data);
                        return NULL;
                }
@@ -173,11 +174,11 @@ void wps_deinit(struct wps_data *data)
        wpabuf_free(data->dh_pubkey_e);
        wpabuf_free(data->dh_pubkey_r);
        wpabuf_free(data->last_msg);
-       os_free(data->dev_password);
-       os_free(data->alt_dev_password);
-       os_free(data->new_psk);
+       bin_clear_free(data->dev_password, data->dev_password_len);
+       bin_clear_free(data->alt_dev_password, data->alt_dev_password_len);
+       bin_clear_free(data->new_psk, data->new_psk_len);
        wps_device_data_free(&data->peer_dev);
-       os_free(data->new_ap_settings);
+       bin_clear_free(data->new_ap_settings, sizeof(*data->new_ap_settings));
        dh5_free(data->dh_ctx);
        os_free(data);
 }
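Review bot: The closing `os_free(data);` in wps_deinit still releases the wps_data structure itself without clearing it, while wps_remove_nfc_pw_token in wps_registrar.c now clears its whole structure with `sizeof(*token)`. If struct wps_data stores any derived keys or nonces inline (its definition is not shown here), they remain in the freed heap block; `bin_clear_free(data, sizeof(*data));` as the last statement would cover them. The start of wps_deinit is outside the hunk.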
index b0b10ba8deca6d37a1bc4ed34a24d94ff28ab450..f7d41b4dee21f1e0a599c11524ddeda6014323ce 100644 (file)
@@ -892,7 +892,7 @@ static int wps_process_dev_pw_id(struct wps_data *wps, const u8 *dev_pw_id)
 
        if (wps->alt_dev_password && wps->alt_dev_pw_id == id) {
                wpa_printf(MSG_DEBUG, "WPS: Found a matching Device Password");
-               os_free(wps->dev_password);
+               bin_clear_free(wps->dev_password, wps->dev_password_len);
                wps->dev_pw_id = wps->alt_dev_pw_id;
                wps->dev_password = wps->alt_dev_password;
                wps->dev_password_len = wps->alt_dev_password_len;
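Review bot: Ownership of the alternate password buffer moves to `wps->dev_password` right after the new `bin_clear_free()` call, and wps_deinit now clear-frees both `dev_password` and `alt_dev_password`. The code following the hunk is not visible, so confirm that it resets the source fields; if it does not, add `wps->alt_dev_password = NULL;` and `wps->alt_dev_password_len = 0;` after the copy so the same buffer is never cleared and freed twice. A short comment such as `/* alt_dev_password ownership moves to dev_password */` would make the hand-off explicit. The `if` block and the rest of wps_process_dev_pw_id continue outside the hunk.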
index a3d0df7624f072de8be45034cc35630cd9aa50a5..00c8299ac0b8e9874d679ffddbddc85319d58f3a 100644 (file)
@@ -42,7 +42,7 @@ struct wps_nfc_pw_token {
 static void wps_remove_nfc_pw_token(struct wps_nfc_pw_token *token)
 {
        dl_list_del(&token->list);
-       os_free(token);
+       bin_clear_free(token, sizeof(*token));
 }
 
 
@@ -91,7 +91,7 @@ struct wps_uuid_pin {
 
 static void wps_free_pin(struct wps_uuid_pin *pin)
 {
-       os_free(pin->pin);
+       bin_clear_free(pin->pin, pin->pin_len);
        os_free(pin);
 }
 
@@ -1343,7 +1343,7 @@ static int wps_get_dev_password(struct wps_data *wps)
        const u8 *pin;
        size_t pin_len = 0;
 
-       os_free(wps->dev_password);
+       bin_clear_free(wps->dev_password, wps->dev_password_len);
        wps->dev_password = NULL;
 
        if (wps->pbc) {
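Review bot: After `bin_clear_free(wps->dev_password, wps->dev_password_len);` the pointer is reset to NULL but `wps->dev_password_len` keeps its old value. The length is now the size handed to the clear, so pointer and length should stay in step: add `wps->dev_password_len = 0;` next to `wps->dev_password = NULL;`. Whether a later return path in wps_get_dev_password leaves the pointer NULL is not visible here, since the function continues outside the hunk.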