From 1ce3485cc04e74a61ec9e3553378c1971bdb859d Mon Sep 17 00:00:00 2001
From: Theo Buehler
Date: Thu, 23 Mar 2017 04:10:11 +0000
Subject: Use explicit_bzero() to wipe out key material and add some sizes to free().

ok stsp
---
 sys/net80211/ieee80211_crypto.c | 4 ++--
 sys/net80211/ieee80211_crypto_bip.c | 8 +++++---
 sys/net80211/ieee80211_crypto_ccmp.c | 8 +++++---
 sys/net80211/ieee80211_crypto_tkip.c | 8 +++++---
 sys/net80211/ieee80211_crypto_wep.c | 8 +++++---
 sys/net80211/ieee80211_ioctl.c | 6 +++---
 6 files changed, 25 insertions(+), 17 deletions(-)
 (limited to 'sys/net80211')
diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c
index 0decf6cea85..2c5406128e5 100644
--- a/sys/net80211/ieee80211_crypto.c
+++ b/sys/net80211/ieee80211_crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_crypto.c,v 1.68 2016/12/20 13:27:58 stsp Exp $ */
+/* $OpenBSD: ieee80211_crypto.c,v 1.69 2017/03/23 04:10:10 tb Exp $ */
 /*-
 * Copyright (c) 2008 Damien Bergamini
@@ -86,7 +86,7 @@ ieee80211_crypto_detach(struct ifnet *ifp)
 while ((pmk = TAILQ_FIRST(&ic->ic_pmksa)) != NULL) {
 TAILQ_REMOVE(&ic->ic_pmksa, pmk, pmk_next);
 explicit_bzero(pmk, sizeof(*pmk));
- free(pmk, M_DEVBUF, 0);
+ free(pmk, M_DEVBUF, sizeof(*pmk));
 }
 /* clear all group keys from memory */
diff --git a/sys/net80211/ieee80211_crypto_bip.c b/sys/net80211/ieee80211_crypto_bip.c
index 6ab5fb676bf..307c05b1bce 100644
--- a/sys/net80211/ieee80211_crypto_bip.c
+++ b/sys/net80211/ieee80211_crypto_bip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_crypto_bip.c,v 1.7 2015/11/24 13:45:06 mpi Exp $ */
+/* $OpenBSD: ieee80211_crypto_bip.c,v 1.8 2017/03/23 04:10:10 tb Exp $ */
 /*-
 * Copyright (c) 2008 Damien Bergamini
@@ -68,8 +68,10 @@ ieee80211_bip_set_key(struct ieee80211com *ic, struct ieee80211_key *k)
 void
 ieee80211_bip_delete_key(struct ieee80211com *ic, struct ieee80211_key *k)
 {
- if (k->k_priv != NULL)
- free(k->k_priv, M_DEVBUF, 0);
+ if (k->k_priv != NULL) {
+ explicit_bzero(k->k_priv, sizeof(struct ieee80211_bip_ctx));
+ free(k->k_priv, M_DEVBUF, sizeof(struct ieee80211_bip_ctx));
+ }
 k->k_priv = NULL;
 }
diff --git a/sys/net80211/ieee80211_crypto_ccmp.c b/sys/net80211/ieee80211_crypto_ccmp.c
index 7a0ccb53337..acd60a6da2e 100644
--- a/sys/net80211/ieee80211_crypto_ccmp.c
+++ b/sys/net80211/ieee80211_crypto_ccmp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_crypto_ccmp.c,v 1.18 2015/11/24 13:45:06 mpi Exp $ */
+/* $OpenBSD: ieee80211_crypto_ccmp.c,v 1.19 2017/03/23 04:10:10 tb Exp $ */
 /*-
 * Copyright (c) 2008 Damien Bergamini
@@ -66,8 +66,10 @@ ieee80211_ccmp_set_key(struct ieee80211com *ic, struct ieee80211_key *k)
 void
 ieee80211_ccmp_delete_key(struct ieee80211com *ic, struct ieee80211_key *k)
 {
- if (k->k_priv != NULL)
- free(k->k_priv, M_DEVBUF, 0);
+ if (k->k_priv != NULL) {
+ explicit_bzero(k->k_priv, sizeof(struct ieee80211_ccmp_ctx));
+ free(k->k_priv, M_DEVBUF, sizeof(struct ieee80211_ccmp_ctx));
+ }
 k->k_priv = NULL;
 }
diff --git a/sys/net80211/ieee80211_crypto_tkip.c b/sys/net80211/ieee80211_crypto_tkip.c
index 81b1fe85b25..ee26433987e 100644
--- a/sys/net80211/ieee80211_crypto_tkip.c
+++ b/sys/net80211/ieee80211_crypto_tkip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_crypto_tkip.c,v 1.27 2016/12/18 08:00:20 stsp Exp $ */
+/* $OpenBSD: ieee80211_crypto_tkip.c,v 1.28 2017/03/23 04:10:10 tb Exp $ */
 /*-
 * Copyright (c) 2008 Damien Bergamini
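Review bot: The context size in ieee80211_bip_delete_key is spelled out by type name twice, `sizeof(struct ieee80211_bip_ctx)`, and has to stay equal to the allocation made in the set_key path, which is outside this hunk. Now that free() is passed a non-zero size, a mismatch is presumably no longer harmless, and a wipe that is too short would leave key bytes behind in the freed buffer. Taking the size from a typed pointer keeps the wipe and the free in step: `struct ieee80211_bip_ctx *ctx = k->k_priv;`, then `explicit_bzero(ctx, sizeof(*ctx));` and `free(ctx, M_DEVBUF, sizeof(*ctx));`. The same applies to the ccmp, tkip and wep delete_key hunks.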
@@ -94,8 +94,10 @@ ieee80211_tkip_set_key(struct ieee80211com *ic, struct ieee80211_key *k)
 void
 ieee80211_tkip_delete_key(struct ieee80211com *ic, struct ieee80211_key *k)
 {
- if (k->k_priv != NULL)
- free(k->k_priv, M_DEVBUF, 0);
+ if (k->k_priv != NULL) {
+ explicit_bzero(k->k_priv, sizeof(struct ieee80211_tkip_ctx));
+ free(k->k_priv, M_DEVBUF, sizeof(struct ieee80211_tkip_ctx));
+ }
 k->k_priv = NULL;
 }
diff --git a/sys/net80211/ieee80211_crypto_wep.c b/sys/net80211/ieee80211_crypto_wep.c
index 2e7958899a9..0bc428091c9 100644
--- a/sys/net80211/ieee80211_crypto_wep.c
+++ b/sys/net80211/ieee80211_crypto_wep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_crypto_wep.c,v 1.14 2015/11/24 13:45:06 mpi Exp $ */
+/* $OpenBSD: ieee80211_crypto_wep.c,v 1.15 2017/03/23 04:10:10 tb Exp $ */
 /*-
 * Copyright (c) 2008 Damien Bergamini
@@ -66,8 +66,10 @@ ieee80211_wep_set_key(struct ieee80211com *ic, struct ieee80211_key *k)
 void
 ieee80211_wep_delete_key(struct ieee80211com *ic, struct ieee80211_key *k)
 {
- if (k->k_priv != NULL)
- free(k->k_priv, M_DEVBUF, 0);
+ if (k->k_priv != NULL) {
+ explicit_bzero(k->k_priv, sizeof(struct ieee80211_wep_ctx));
+ free(k->k_priv, M_DEVBUF, sizeof(struct ieee80211_wep_ctx));
+ }
 k->k_priv = NULL;
 }
diff --git a/sys/net80211/ieee80211_ioctl.c b/sys/net80211/ieee80211_ioctl.c
index 7da9a97f0f9..225e59c4007 100644
--- a/sys/net80211/ieee80211_ioctl.c
+++ b/sys/net80211/ieee80211_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_ioctl.c,v 1.51 2017/03/21 07:59:54 stsp Exp $ */
+/* $OpenBSD: ieee80211_ioctl.c,v 1.52 2017/03/23 04:10:10 tb Exp $ */
 /* $NetBSD: ieee80211_ioctl.c,v 1.15 2004/05/06 02:58:16 dyoung Exp $ */
 /*-
@@ -178,7 +178,7 @@ ieee80211_disable_wep(struct ieee80211com *ic)
 k = &ic->ic_nw_keys[i];
 if (k->k_cipher != IEEE80211_CIPHER_NONE)
 (*ic->ic_delete_key)(ic, NULL, k);
- memset(k, 0, sizeof(*k));
+ explicit_bzero(k, sizeof(*k));
 }
 ic->ic_flags &= ~IEEE80211_F_WEPON;
 }
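Review bot: Nothing at the `explicit_bzero(k, sizeof(*k));` call in ieee80211_disable_wep records that the choice of function is deliberate, so a later cleanup could swap it back to memset() as an apparent equivalent. A one-line comment above it, such as `/* key material: use explicit_bzero so the wipe cannot be optimised away */`, would keep the intent visible. The same comment fits the `explicit_bzero(ic->ic_psk, sizeof(ic->ic_psk));` line in the ieee80211_disable_rsn hunk. The loop enclosing the wep call starts outside the hunk.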
@@ -187,7 +187,7 @@ void
 ieee80211_disable_rsn(struct ieee80211com *ic)
 {
 ic->ic_flags &= ~(IEEE80211_F_PSK | IEEE80211_F_RSNON);
- memset(ic->ic_psk, 0, sizeof(ic->ic_psk));
+ explicit_bzero(ic->ic_psk, sizeof(ic->ic_psk));
 ic->ic_rsnprotos = 0;
 ic->ic_rsnakms = 0;
 ic->ic_rsngroupcipher = 0;
--
cgit v1.2.3