Commit b47f610b authored by Johannes Berg's avatar Johannes Berg

cfg80211: clear connect keys when freeing them

When freeing the connect keys, clear the memory to avoid
having the key material stick around in memory "forever".
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent b1e9be87
...@@ -115,7 +115,7 @@ static int __cfg80211_join_ibss(struct cfg80211_registered_device *rdev, ...@@ -115,7 +115,7 @@ static int __cfg80211_join_ibss(struct cfg80211_registered_device *rdev,
} }
if (WARN_ON(wdev->connect_keys)) if (WARN_ON(wdev->connect_keys))
kfree(wdev->connect_keys); kzfree(wdev->connect_keys);
wdev->connect_keys = connkeys; wdev->connect_keys = connkeys;
wdev->ibss_fixed = params->channel_fixed; wdev->ibss_fixed = params->channel_fixed;
...@@ -161,7 +161,7 @@ static void __cfg80211_clear_ibss(struct net_device *dev, bool nowext) ...@@ -161,7 +161,7 @@ static void __cfg80211_clear_ibss(struct net_device *dev, bool nowext)
ASSERT_WDEV_LOCK(wdev); ASSERT_WDEV_LOCK(wdev);
kfree(wdev->connect_keys); kzfree(wdev->connect_keys);
wdev->connect_keys = NULL; wdev->connect_keys = NULL;
rdev_set_qos_map(rdev, dev, NULL); rdev_set_qos_map(rdev, dev, NULL);
......
...@@ -6866,7 +6866,7 @@ static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) ...@@ -6866,7 +6866,7 @@ static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
if (err) if (err)
kfree(connkeys); kzfree(connkeys);
return err; return err;
} }
...@@ -7235,7 +7235,7 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) ...@@ -7235,7 +7235,7 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) { if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
kfree(connkeys); kzfree(connkeys);
return -EINVAL; return -EINVAL;
} }
memcpy(&connect.ht_capa, memcpy(&connect.ht_capa,
...@@ -7253,7 +7253,7 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) ...@@ -7253,7 +7253,7 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) { if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) { if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
kfree(connkeys); kzfree(connkeys);
return -EINVAL; return -EINVAL;
} }
memcpy(&connect.vht_capa, memcpy(&connect.vht_capa,
...@@ -7273,7 +7273,7 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) ...@@ -7273,7 +7273,7 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL); err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL);
wdev_unlock(dev->ieee80211_ptr); wdev_unlock(dev->ieee80211_ptr);
if (err) if (err)
kfree(connkeys); kzfree(connkeys);
return err; return err;
} }
......
...@@ -641,7 +641,7 @@ void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid, ...@@ -641,7 +641,7 @@ void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
} }
if (status != WLAN_STATUS_SUCCESS) { if (status != WLAN_STATUS_SUCCESS) {
kfree(wdev->connect_keys); kzfree(wdev->connect_keys);
wdev->connect_keys = NULL; wdev->connect_keys = NULL;
wdev->ssid_len = 0; wdev->ssid_len = 0;
if (bss) { if (bss) {
...@@ -918,7 +918,7 @@ int cfg80211_connect(struct cfg80211_registered_device *rdev, ...@@ -918,7 +918,7 @@ int cfg80211_connect(struct cfg80211_registered_device *rdev,
ASSERT_WDEV_LOCK(wdev); ASSERT_WDEV_LOCK(wdev);
if (WARN_ON(wdev->connect_keys)) { if (WARN_ON(wdev->connect_keys)) {
kfree(wdev->connect_keys); kzfree(wdev->connect_keys);
wdev->connect_keys = NULL; wdev->connect_keys = NULL;
} }
...@@ -978,7 +978,7 @@ int cfg80211_disconnect(struct cfg80211_registered_device *rdev, ...@@ -978,7 +978,7 @@ int cfg80211_disconnect(struct cfg80211_registered_device *rdev,
ASSERT_WDEV_LOCK(wdev); ASSERT_WDEV_LOCK(wdev);
kfree(wdev->connect_keys); kzfree(wdev->connect_keys);
wdev->connect_keys = NULL; wdev->connect_keys = NULL;
if (wdev->conn) if (wdev->conn)
......
...@@ -797,7 +797,7 @@ void cfg80211_upload_connect_keys(struct wireless_dev *wdev) ...@@ -797,7 +797,7 @@ void cfg80211_upload_connect_keys(struct wireless_dev *wdev)
netdev_err(dev, "failed to set mgtdef %d\n", i); netdev_err(dev, "failed to set mgtdef %d\n", i);
} }
kfree(wdev->connect_keys); kzfree(wdev->connect_keys);
wdev->connect_keys = NULL; wdev->connect_keys = NULL;
} }
......
...@@ -57,7 +57,7 @@ int cfg80211_mgd_wext_connect(struct cfg80211_registered_device *rdev, ...@@ -57,7 +57,7 @@ int cfg80211_mgd_wext_connect(struct cfg80211_registered_device *rdev,
err = cfg80211_connect(rdev, wdev->netdev, err = cfg80211_connect(rdev, wdev->netdev,
&wdev->wext.connect, ck, prev_bssid); &wdev->wext.connect, ck, prev_bssid);
if (err) if (err)
kfree(ck); kzfree(ck);
return err; return err;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment