cfg80211: clear wext keys when freeing and removing them
authorJohannes Berg <johannes.berg@intel.com>
Wed, 10 Sep 2014 10:39:56 +0000 (13:39 +0300)
committerJohannes Berg <johannes.berg@intel.com>
Thu, 11 Sep 2014 10:07:28 +0000 (12:07 +0200)
When freeing the keys stored for wireless extensions, clear the memory
to avoid having the key material stick around in memory "forever".
Similarly, when userspace overwrites a key, actually clear it instead
of just setting the key length to zero.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
net/wireless/core.c
net/wireless/wext-compat.c

index 9698fe7092519df03027c639f80df86ccbc2702d..55ec9be9feb7e400df73a95c2501335a5781a570 100644 (file)
@@ -1007,7 +1007,7 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
                        rdev->devlist_generation++;
                        cfg80211_mlme_purge_registrations(wdev);
 #ifdef CONFIG_CFG80211_WEXT
-                       kfree(wdev->wext.keys);
+                       kzfree(wdev->wext.keys);
 #endif
                }
                /*
index 11120bb14162505043579628bed2ad131ba41f7d..0f47948c572f5eae30403d98be88e4d233c1903a 100644 (file)
@@ -496,6 +496,8 @@ static int __cfg80211_set_encryption(struct cfg80211_registered_device *rdev,
                        err = 0;
                if (!err) {
                        if (!addr) {
+                               memset(wdev->wext.keys->data[idx], 0,
+                                      sizeof(wdev->wext.keys->data[idx]));
                                wdev->wext.keys->params[idx].key_len = 0;
                                wdev->wext.keys->params[idx].cipher = 0;
                        }