From: Johannes Berg <johannes.berg@xxxxxxxxx>
When freeing the keys stored for wireless extensions, clear the memory
to avoid having the key material stick around in memory "forever".
Similarly, when userspace overwrites a key, actually clear it instead
of just setting the key length to zero.
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
---
net/wireless/core.c | 2 +-
net/wireless/wext-compat.c | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/wireless/core.c b/net/wireless/core.c
index 6030ecc..052870f 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -1036,7 +1036,7 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
rdev->devlist_generation++;
cfg80211_mlme_purge_registrations(wdev);
#ifdef CPTCFG_CFG80211_WEXT
- kfree(wdev->wext.keys);
+ kzfree(wdev->wext.keys);
#endif
}
/*
diff --git a/net/wireless/wext-compat.c b/net/wireless/wext-compat.c
index 11120bb..f067e64 100644
--- a/net/wireless/wext-compat.c
+++ b/net/wireless/wext-compat.c
@@ -496,6 +496,8 @@ static int __cfg80211_set_encryption(struct cfg80211_registered_device *rdev,
err = 0;
if (!err) {
if (!addr) {
+ memset(wext->wext.keys->params[idx].data, 0,
+ sizeof(wext->wext.keys->params[idx].data));
wdev->wext.keys->params[idx].key_len = 0;
wdev->wext.keys->params[idx].cipher = 0;
}
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
