Commit b47f610b authored by Johannes Berg's avatar Johannes Berg
Browse files

cfg80211: clear connect keys when freeing them 



When freeing the connect keys, clear the memory to avoid
having the key material stick around in memory "forever".

Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent b1e9be87

net/wireless/ibss.c

+2 −2
Original line number Diff line number Diff line
@@ -115,7 +115,7 @@ static int __cfg80211_join_ibss(struct cfg80211_registered_device *rdev, 
	}



	if (WARN_ON(wdev->connect_keys))

		kfree(wdev->connect_keys);

		kzfree(wdev->connect_keys);

	wdev->connect_keys = connkeys;



	wdev->ibss_fixed = params->channel_fixed;
@@ -161,7 +161,7 @@ static void __cfg80211_clear_ibss(struct net_device *dev, bool nowext) 


	ASSERT_WDEV_LOCK(wdev);



	kfree(wdev->connect_keys);

	kzfree(wdev->connect_keys);

	wdev->connect_keys = NULL;



	rdev_set_qos_map(rdev, dev, NULL);

net/wireless/nl80211.c

+4 −4
Original line number Diff line number Diff line
@@ -6866,7 +6866,7 @@ static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 


	err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);

	if (err)

		kfree(connkeys);

		kzfree(connkeys);

	return err;

}
@@ -7235,7 +7235,7 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 


	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {

		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {

			kfree(connkeys);

			kzfree(connkeys);

			return -EINVAL;

		}

		memcpy(&connect.ht_capa,
@@ -7253,7 +7253,7 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 


	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {

		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {

			kfree(connkeys);

			kzfree(connkeys);

			return -EINVAL;

		}

		memcpy(&connect.vht_capa,
@@ -7273,7 +7273,7 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 
	err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL);

	wdev_unlock(dev->ieee80211_ptr);

	if (err)

		kfree(connkeys);

		kzfree(connkeys);

	return err;

}

net/wireless/sme.c

+3 −3
Original line number Diff line number Diff line
@@ -641,7 +641,7 @@ void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid, 
	}



	if (status != WLAN_STATUS_SUCCESS) {

		kfree(wdev->connect_keys);

		kzfree(wdev->connect_keys);

		wdev->connect_keys = NULL;

		wdev->ssid_len = 0;

		if (bss) {
@@ -918,7 +918,7 @@ int cfg80211_connect(struct cfg80211_registered_device *rdev, 
	ASSERT_WDEV_LOCK(wdev);



	if (WARN_ON(wdev->connect_keys)) {

		kfree(wdev->connect_keys);

		kzfree(wdev->connect_keys);

		wdev->connect_keys = NULL;

	}
@@ -978,7 +978,7 @@ int cfg80211_disconnect(struct cfg80211_registered_device *rdev, 


	ASSERT_WDEV_LOCK(wdev);



	kfree(wdev->connect_keys);

	kzfree(wdev->connect_keys);

	wdev->connect_keys = NULL;



	if (wdev->conn)

net/wireless/util.c

+1 −1
Original line number Diff line number Diff line
@@ -797,7 +797,7 @@ void cfg80211_upload_connect_keys(struct wireless_dev *wdev) 
				netdev_err(dev, "failed to set mgtdef %d\n", i);

	}



	kfree(wdev->connect_keys);

	kzfree(wdev->connect_keys);

	wdev->connect_keys = NULL;

}

net/wireless/wext-sme.c

+1 −1
Original line number Diff line number Diff line
@@ -57,7 +57,7 @@ int cfg80211_mgd_wext_connect(struct cfg80211_registered_device *rdev, 
	err = cfg80211_connect(rdev, wdev->netdev,

			       &wdev->wext.connect, ck, prev_bssid);

	if (err)

		kfree(ck);

		kzfree(ck);



	return err;

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE