[PATCH 2/2] SAE: explicitly clear SAE(k)
Benjamin Berg
benjamin at sipsolutions.net
Tue Mar 18 03:19:56 PDT 2025
From: Benjamin Berg <benjamin.berg at intel.com>
The code never cleared SAE(k) and the data could remain on the stack for
a longer period of time. This caused a test failure when running with
ASAN enabled.
Explicitly clear the variable to ensure no data is leaked.
Signed-off-by: Benjamin Berg <benjamin.berg at intel.com>
---
src/common/sae.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/common/sae.c b/src/common/sae.c
index 801f36301d..8005095fc6 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -1670,12 +1670,17 @@ fail:
int sae_process_commit(struct sae_data *sae)
{
u8 k[SAE_MAX_PRIME_LEN];
+ int ret = 0;
+
if (sae->tmp == NULL ||
(sae->tmp->ec && sae_derive_k_ecc(sae, k) < 0) ||
(sae->tmp->dh && sae_derive_k_ffc(sae, k) < 0) ||
sae_derive_keys(sae, k) < 0)
- return -1;
- return 0;
+ ret = -1;
+
+ forced_memzero(k, SAE_MAX_PRIME_LEN);
+
+ return ret;
}
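Review bot: in the added forced_memzero(k, SAE_MAX_PRIME_LEN) call, prefer sizeof(k) for the length, so the wipe keeps covering the whole buffer if the declaration u8 k[SAE_MAX_PRIME_LEN] is ever changed. Folding both returns into a single ret is the right shape: k is cleared on the failure paths as well as on success, and clearing it when sae->tmp is NULL (k never written) is harmless. A short comment above the call noting that k is the SAE shared secret would help keep the wipe from being dropped in a later cleanup.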
--
2.48.1
More information about the Hostap mailing list