Commit 538c9eb8 authored by Johannes Berg's avatar Johannes Berg

cfg80211: clear wext keys when freeing and removing them

When freeing the keys stored for wireless extensions, clear the memory
to avoid having the key material stick around in memory "forever".
Similarly, when userspace overwrites a key, actually clear it instead
of just setting the key length to zero.
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 29c3f9c3
...@@ -1007,7 +1007,7 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb, ...@@ -1007,7 +1007,7 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
rdev->devlist_generation++; rdev->devlist_generation++;
cfg80211_mlme_purge_registrations(wdev); cfg80211_mlme_purge_registrations(wdev);
#ifdef CONFIG_CFG80211_WEXT #ifdef CONFIG_CFG80211_WEXT
kfree(wdev->wext.keys); kzfree(wdev->wext.keys);
#endif #endif
} }
/* /*
......
...@@ -496,6 +496,8 @@ static int __cfg80211_set_encryption(struct cfg80211_registered_device *rdev, ...@@ -496,6 +496,8 @@ static int __cfg80211_set_encryption(struct cfg80211_registered_device *rdev,
err = 0; err = 0;
if (!err) { if (!err) {
if (!addr) { if (!addr) {
memset(wdev->wext.keys->data[idx], 0,
sizeof(wdev->wext.keys->data[idx]));
wdev->wext.keys->params[idx].key_len = 0; wdev->wext.keys->params[idx].key_len = 0;
wdev->wext.keys->params[idx].cipher = 0; wdev->wext.keys->params[idx].cipher = 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment