From: Jouni Malinen <quic_jouni@quicinc.com>
Date: Fri, 25 Feb 2022 23:10:32 +0000 (+0200)
Subject: Clear last set keys (for testing purposes) from memory explicitly
X-Git-Tag: hostap_2_11~2209
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=af1f0694e1b710366e8b6559a881c082e6c3df93;p=thirdparty%2Fhostap.git

Clear last set keys (for testing purposes) from memory explicitly

This makes it easier to scan process memory for key information that is
not supposed to remain there after the last use.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
---

diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
index ccd1ed931..62620e2a8 100644
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -410,6 +410,7 @@ void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
 
 #ifdef CONFIG_TESTING_OPTIONS
 	os_free(sta->sae_postponed_commit);
+	forced_memzero(sta->last_tk, WPA_TK_MAX_LEN);
 #endif /* CONFIG_TESTING_OPTIONS */
 
 	os_free(sta);
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 3e9921553..1103a48d7 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -1631,4 +1631,10 @@ void hostapd_deinit_wpa(struct hostapd_data *hapd)
 	hapd->l2 = NULL;
 	hostapd_wpa_unregister_ft_oui(hapd);
 #endif /* CONFIG_IEEE80211R_AP */
+
+#ifdef CONFIG_TESTING_OPTIONS
+	forced_memzero(hapd->last_gtk, WPA_GTK_MAX_LEN);
+	forced_memzero(hapd->last_igtk, WPA_IGTK_MAX_LEN);
+	forced_memzero(hapd->last_bigtk, WPA_BIGTK_MAX_LEN);
+#endif /* CONFIG_TESTING_OPTIONS */
 }