WPA: Explicitly clear the buffer used for decrypting Key Data

When AES-WRAP was used to protect the EAPOL-Key Key Data field, this was
decrypted using a temporary heap buffer with aes_unwrap(). That buffer
was not explicitly cleared, so it was possible for the group keys to
remain in memory unnecessarily until the allocated area was reused.
Clean this up by clearing the temporary allocation explicitly before
freeing it.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 9bde3c816a7aa77830e83ff200c1d14a6051813a..669f658cf362e2b1e0c1563ab51a80ecc8f0ebaf 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1670,14 +1670,14 @@ static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
                }
                if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8,
                               key_data, buf)) {
-                       os_free(buf);
+                       bin_clear_free(buf, *key_data_len);
                        wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
                                "WPA: AES unwrap failed - "
                                "could not decrypt EAPOL-Key key data");
                        return -1;
                }
                os_memcpy(key_data, buf, *key_data_len);
-               os_free(buf);
+               bin_clear_free(buf, *key_data_len);
                WPA_PUT_BE16(key->key_data_length, *key_data_len);
        } else {
                wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,