Clear hostapd configuration keys explicitly

Use an explicit memset call to clear any hostapd configuration parameter
that contains private information like keys or identity. This brings in
an additional layer of protection by reducing the length of time this
type of private data is kept in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 7535b1b75a2a83cf81086637f85d4c1888c64f05..bc9f6cf46b11cb62b0594eb9892b9ea18ab26f94 100644 (file)
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -379,7 +379,7 @@ void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
 {
        hostapd_config_free_radius_attr(user->accept_attr);
        os_free(user->identity);
-       os_free(user->password);
+       bin_clear_free(user->password, user->password_len);
        os_free(user);
 }
 
@@ -388,7 +388,7 @@ static void hostapd_config_free_wep(struct hostapd_wep_keys *keys)
 {
        int i;
        for (i = 0; i < NUM_WEP_KEYS; i++) {
-               os_free(keys->key[i]);
+               bin_clear_free(keys->key[i], keys->len[i]);
                keys->key[i] = NULL;
        }
 }
@@ -406,10 +406,10 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf)
        while (psk) {
                prev = psk;
                psk = psk->next;
-               os_free(prev);
+               bin_clear_free(prev, sizeof(*prev));
        }
 
-       os_free(conf->ssid.wpa_passphrase);
+       str_clear_free(conf->ssid.wpa_passphrase);
        os_free(conf->ssid.wpa_psk_file);
        hostapd_config_free_wep(&conf->ssid.wep);
 #ifdef CONFIG_FULL_DYNAMIC_VLAN

diff --git a/src/ap/eap_user_db.c b/src/ap/eap_user_db.c
index 371a73f2a52f3695d4b60f50d5ed1126f52bdb1b..559d77f9ef2b8606555214a589c357ad99a51868 100644 (file)
--- a/src/ap/eap_user_db.c
+++ b/src/ap/eap_user_db.c
@@ -83,7 +83,7 @@ static int get_user_cb(void *ctx, int argc, char *argv[], char *col[])
 
        for (i = 0; i < argc; i++) {
                if (os_strcmp(col[i], "password") == 0 && argv[i]) {
-                       os_free(user->password);
+                       bin_clear_free(user->password, user->password_len);
                        user->password_len = os_strlen(argv[i]);
                        user->password = (u8 *) os_strdup(argv[i]);
                        user->next = (void *) 1;
@@ -118,7 +118,7 @@ static int get_wildcard_cb(void *ctx, int argc, char *argv[], char *col[])
        if (len <= user->identity_len &&
            os_memcmp(argv[id], user->identity, len) == 0 &&
            (user->password == NULL || len > user->password_len)) {
-               os_free(user->password);
+               bin_clear_free(user->password, user->password_len);
                user->password_len = os_strlen(argv[id]);
                user->password = (u8 *) os_strdup(argv[id]);
                user->next = (void *) 1;
@@ -158,8 +158,10 @@ eap_user_sqlite_get(struct hostapd_data *hapd, const u8 *identity,
                return NULL;
        }
 
-       os_free(hapd->tmp_eap_user.identity);
-       os_free(hapd->tmp_eap_user.password);
+       bin_clear_free(hapd->tmp_eap_user.identity,
+                      hapd->tmp_eap_user.identity_len);
+       bin_clear_free(hapd->tmp_eap_user.password,
+                      hapd->tmp_eap_user.password_len);
        os_memset(&hapd->tmp_eap_user, 0, sizeof(hapd->tmp_eap_user));
        hapd->tmp_eap_user.phase2 = phase2;
        hapd->tmp_eap_user.identity = os_zalloc(identity_len + 1);

diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index 55b7ced8adeeceadf6bd8745c53c9c05b25c9a04..26aca2b05457c831faafd34987593d2a1ace7d23 100644 (file)
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -311,8 +311,10 @@ static void hostapd_free_hapd_data(struct hostapd_data *hapd)
 #endif /* CONFIG_INTERWORKING */
 
 #ifdef CONFIG_SQLITE
-       os_free(hapd->tmp_eap_user.identity);
-       os_free(hapd->tmp_eap_user.password);
+       bin_clear_free(hapd->tmp_eap_user.identity,
+                      hapd->tmp_eap_user.identity_len);
+       bin_clear_free(hapd->tmp_eap_user.password,
+                      hapd->tmp_eap_user.password_len);
 #endif /* CONFIG_SQLITE */
 }
 

diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index 00ad6af6f81d2b8b49ab40be7c88f9190918f3a3..24348a395249220668e5e592f4d116cf6c2663a6 100644 (file)
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -623,7 +623,7 @@ radius_server_get_new_session(struct radius_server_data *data,
 
        os_memset(&tmp, 0, sizeof(tmp));
        res = data->get_eap_user(data->conf_ctx, user, user_len, 0, &tmp);
-       os_free(tmp.password);
+       bin_clear_free(tmp.password, tmp.password_len);
 
        if (res != 0) {
                RADIUS_DEBUG("User-Name not found from user database");
@@ -852,7 +852,7 @@ radius_server_macacl(struct radius_server_data *data,
                                         os_strlen(sess->username), 0, &tmp);
                if (res || !tmp.macacl || tmp.password == NULL) {
                        RADIUS_DEBUG("No MAC ACL user entry");
-                       os_free(tmp.password);
+                       bin_clear_free(tmp.password, tmp.password_len);
                        code = RADIUS_CODE_ACCESS_REJECT;
                } else {
                        u8 buf[128];
@@ -861,7 +861,7 @@ radius_server_macacl(struct radius_server_data *data,
                                (u8 *) client->shared_secret,
                                client->shared_secret_len,
                                buf, sizeof(buf));
-                       os_free(tmp.password);
+                       bin_clear_free(tmp.password, tmp.password_len);
 
                        if (res < 0 || pw_len != (size_t) res ||
                            os_memcmp_const(pw, buf, res) != 0) {