Clear allocated debug message buffers explicitly

When hostapd or wpa_supplicant is run in debug more with key material
prints allowed (-K on the command line), it is possible for passwords
and keying material to show up in debug prints. Since some of the debug
cases end up allocating a temporary buffer from the heap for processing
purposes, a copy of such password may remain in heap. Clear these
temporary buffers explicitly to avoid causing issues for hwsim test
cases that verify contents of memory against unexpected keys.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/hostapd/Android.mk b/hostapd/Android.mk
index 78a150634fa79c63d27dc527200f43198c447552..9dde32f8371137763d26770b8faba5339705bb51 100644 (file)
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
@@ -893,6 +893,7 @@ endif
 
 OBJS_c = hostapd_cli.c src/common/wpa_ctrl.c src/utils/os_$(CONFIG_OS).c
 OBJS_c += src/utils/eloop.c
+OBJS_c += src/utils/common.c
 ifdef CONFIG_WPA_TRACE
 OBJS_c += src/utils/trace.c
 endif

diff --git a/hostapd/Makefile b/hostapd/Makefile
index 3c7bd6f9d52a235d6c512f24552af37b967f31f7..d4fd36e008392b9d137900f1efaa1d0b630c75c2 100644 (file)
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -108,6 +108,7 @@ LIBS_n += -lrt
 endif
 
 OBJS += ../src/utils/common.o
+OBJS_c += ../src/utils/common.o
 OBJS += ../src/utils/wpa_debug.o
 OBJS_c += ../src/utils/wpa_debug.o
 OBJS += ../src/utils/wpabuf.o

diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c
index 82a899988f6fb815d985ab88c67b46a0557ca460..b7a6dbaef4aa300d34ba0c4281c57d6a9b74614a 100644 (file)
--- a/src/utils/wpa_debug.c
+++ b/src/utils/wpa_debug.c
@@ -307,7 +307,7 @@ static void _wpa_hexdump(int level, const char *title, const u8 *buf,
                                    "%s - hexdump(len=%lu):%s%s",
                                    title, (long unsigned int) len, display,
                                    len > slen ? " ..." : "");
-               os_free(strbuf);
+               bin_clear_free(strbuf, 1 + 3 * slen);
                return;
        }
 #else /* CONFIG_ANDROID_LOG */
@@ -339,7 +339,7 @@ static void _wpa_hexdump(int level, const char *title, const u8 *buf,
 
                syslog(syslog_priority(level), "%s - hexdump(len=%lu):%s",
                       title, (unsigned long) len, display);
-               os_free(strbuf);
+               bin_clear_free(strbuf, 1 + 3 * len);
                return;
        }
 #endif /* CONFIG_DEBUG_SYSLOG */
@@ -636,7 +636,7 @@ void wpa_msg(void *ctx, int level, const char *fmt, ...)
        wpa_printf(level, "%s%s", prefix, buf);
        if (wpa_msg_cb)
                wpa_msg_cb(ctx, level, WPA_MSG_PER_INTERFACE, buf, len);
-       os_free(buf);
+       bin_clear_free(buf, buflen);
 }
 
 
@@ -664,7 +664,7 @@ void wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...)
        len = vsnprintf(buf, buflen, fmt, ap);
        va_end(ap);
        wpa_msg_cb(ctx, level, WPA_MSG_PER_INTERFACE, buf, len);
-       os_free(buf);
+       bin_clear_free(buf, buflen);
 }
 
 
@@ -691,7 +691,7 @@ void wpa_msg_global(void *ctx, int level, const char *fmt, ...)
        wpa_printf(level, "%s", buf);
        if (wpa_msg_cb)
                wpa_msg_cb(ctx, level, WPA_MSG_GLOBAL, buf, len);
-       os_free(buf);
+       bin_clear_free(buf, buflen);
 }
 
 
@@ -719,7 +719,7 @@ void wpa_msg_global_ctrl(void *ctx, int level, const char *fmt, ...)
        len = vsnprintf(buf, buflen, fmt, ap);
        va_end(ap);
        wpa_msg_cb(ctx, level, WPA_MSG_GLOBAL, buf, len);
-       os_free(buf);
+       bin_clear_free(buf, buflen);
 }
 
 
@@ -746,7 +746,7 @@ void wpa_msg_no_global(void *ctx, int level, const char *fmt, ...)
        wpa_printf(level, "%s", buf);
        if (wpa_msg_cb)
                wpa_msg_cb(ctx, level, WPA_MSG_NO_GLOBAL, buf, len);
-       os_free(buf);
+       bin_clear_free(buf, buflen);
 }
 
 #endif /* CONFIG_NO_WPA_MSG */
@@ -789,6 +789,6 @@ void hostapd_logger(void *ctx, const u8 *addr, unsigned int module, int level,
                           MAC2STR(addr), buf);
        else
                wpa_printf(MSG_DEBUG, "hostapd_logger: %s", buf);
-       os_free(buf);
+       bin_clear_free(buf, buflen);
 }
 #endif /* CONFIG_NO_HOSTAPD_LOGGER */