wlan: Clear any key values in the memory.
Clear the key values from the memory when session is
being removed and/or when no need of the key values.
Change-Id: I5914d6521855c021d1d9e2f268771a4113e5f6ef
CRs-Fixed: 737934
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index 6d1252f..28caca2 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -5181,6 +5181,11 @@
__LINE__, status );
pHddStaCtx->roam_info.roamingState = HDD_ROAM_STATE_NONE;
}
+ /* Need to clear any trace of key value in the memory.
+ * Thus zero out the memory even though it is local
+ * variable.
+ */
+ vos_mem_zero(&setKey, sizeof(setKey));
}
#endif /* FEATURE_WLAN_WAPI*/
@@ -7942,7 +7947,8 @@
default:
hddLog(VOS_TRACE_LEVEL_ERROR, "%s: unsupported cipher type %u",
__func__, params->cipher);
- return -EOPNOTSUPP;
+ status = -EOPNOTSUPP;
+ goto end;
}
hddLog(VOS_TRACE_LEVEL_INFO_MED, "%s: encryption type %d",
@@ -7983,13 +7989,14 @@
{
hddLog(VOS_TRACE_LEVEL_ERROR,
"%s: sme_RoamSetKey failed, returned %d", __func__, status);
- return -EINVAL;
+ status = -EINVAL;
+ goto end;
}
/*Save the keys here and call sme_RoamSetKey for setting
the PTK after peer joins the IBSS network*/
vos_mem_copy(&pAdapter->sessionCtx.station.ibss_enc_key,
&setKey, sizeof(tCsrRoamSetKey));
- return status;
+ goto end;
}
if ((pAdapter->device_mode == WLAN_HDD_SOFTAP) ||
(pAdapter->device_mode == WLAN_HDD_P2P_GO))
@@ -8008,7 +8015,8 @@
pHddStaCtx->roam_info.roamingState = HDD_ROAM_STATE_NONE;
- return -EINVAL;
+ status = -EINVAL;
+ goto end;
}
status = WLANSAP_SetKeySta( pVosContext, &setKey);
@@ -8018,6 +8026,8 @@
VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
"[%4d] WLANSAP_SetKeySta returned ERROR status= %d",
__LINE__, status );
+ status = -EINVAL;
+ goto end;
}
}
@@ -8086,7 +8096,8 @@
pHddStaCtx->roam_info.roamingState = HDD_ROAM_STATE_NONE;
- return -EINVAL;
+ status = -EINVAL;
+ goto end;
}
@@ -8099,13 +8110,15 @@
{
hddLog(VOS_TRACE_LEVEL_INFO_MED,
"%s: Update PreAuth Key success", __func__);
- return 0;
+ status = 0;
+ goto end;
}
else if ( halStatus == eHAL_STATUS_FT_PREAUTH_KEY_FAILED )
{
hddLog(VOS_TRACE_LEVEL_ERROR,
"%s: Update PreAuth Key failed", __func__);
- return -EINVAL;
+ status = -EINVAL;
+ goto end;
}
#endif /* WLAN_FEATURE_VOWIFI_11R */
@@ -8118,7 +8131,8 @@
hddLog(VOS_TRACE_LEVEL_ERROR,
"%s: sme_RoamSetKey failed, returned %d", __func__, status);
pHddStaCtx->roam_info.roamingState = HDD_ROAM_STATE_NONE;
- return -EINVAL;
+ status = -EINVAL;
+ goto end;
}
@@ -8155,12 +8169,20 @@
"%s: sme_RoamSetKey failed for group key (IBSS), returned %d",
__func__, status);
pHddStaCtx->roam_info.roamingState = HDD_ROAM_STATE_NONE;
- return -EINVAL;
+ status = -EINVAL;
+ goto end;
}
}
}
- return 0;
+end:
+ /* Need to clear any trace of key value in the memory.
+ * Thus zero out the memory even though it is local
+ * variable.
+ */
+ vos_mem_zero(&setKey, sizeof(setKey));
+
+ return status;
}
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,38))
@@ -14080,6 +14102,13 @@
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
"%s: sme_SetGTKOffload failed, returned %d",
__func__, status);
+
+ /* Need to clear any trace of key value in the memory.
+ * Thus zero out the memory even though it is local
+ * variable.
+ */
+ vos_mem_zero(&hddGtkOffloadReqParams,
+ sizeof(hddGtkOffloadReqParams));
return status;
}
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO,
@@ -14092,6 +14121,13 @@
__func__);
}
+ /* Need to clear any trace of key value in the memory.
+ * Thus zero out the memory even though it is local
+ * variable.
+ */
+ vos_mem_zero(&hddGtkOffloadReqParams,
+ sizeof(hddGtkOffloadReqParams));
+
return eHAL_STATUS_SUCCESS;
}
diff --git a/CORE/HDD/src/wlan_hdd_wext.c b/CORE/HDD/src/wlan_hdd_wext.c
index 6325fa3..b93982d 100644
--- a/CORE/HDD/src/wlan_hdd_wext.c
+++ b/CORE/HDD/src/wlan_hdd_wext.c
@@ -1190,7 +1190,6 @@
void hdd_clearRoamProfileIe( hdd_adapter_t *pAdapter)
{
- int i = 0;
hdd_wext_state_t *pWextState= WLAN_HDD_GET_WEXT_STATE_PTR(pAdapter);
/* clear WPA/RSN/WSC IE information in the profile */
@@ -1230,13 +1229,9 @@
pWextState->authKeyMgmt = 0;
- for (i=0; i < CSR_MAX_NUM_KEY; i++)
- {
- if (pWextState->roamProfile.Keys.KeyMaterial[i])
- {
- pWextState->roamProfile.Keys.KeyLength[i] = 0;
- }
- }
+ vos_mem_zero(&pWextState->roamProfile.Keys,
+ sizeof(pWextState->roamProfile.Keys));
+
#ifdef FEATURE_WLAN_WAPI
pAdapter->wapi_info.wapiAuthMode = WAPI_AUTH_MODE_OPEN;
pAdapter->wapi_info.nWapiMode = 0;
diff --git a/CORE/MAC/src/pe/lim/limFT.c b/CORE/MAC/src/pe/lim/limFT.c
index bb2e419..7bddc4d 100644
--- a/CORE/MAC/src/pe/lim/limFT.c
+++ b/CORE/MAC/src/pe/lim/limFT.c
@@ -117,6 +117,7 @@
if (pMac->ft.ftPEContext.pAddBssReq)
{
+ vos_mem_zero(pMac->ft.ftPEContext.pAddBssReq, sizeof(tAddBssParams));
vos_mem_free(pMac->ft.ftPEContext.pAddBssReq);
pMac->ft.ftPEContext.pAddBssReq = NULL;
}
diff --git a/CORE/MAC/src/pe/lim/limProcessMlmRspMessages.c b/CORE/MAC/src/pe/lim/limProcessMlmRspMessages.c
index 8834c3a..4bdfe2c 100644
--- a/CORE/MAC/src/pe/lim/limProcessMlmRspMessages.c
+++ b/CORE/MAC/src/pe/lim/limProcessMlmRspMessages.c
@@ -2511,6 +2511,7 @@
PELOGE(limLog(pMac, LOGE,FL("session does not exist for given sessionId"));)
if( NULL != pAddBssParams )
{
+ vos_mem_zero(pAddBssParams, sizeof(tAddBssParams));
vos_mem_free(pAddBssParams);
limMsgQ->bodyptr = NULL;
}
@@ -2580,6 +2581,7 @@
end:
if( 0 != limMsgQ->bodyptr )
{
+ vos_mem_zero(pAddBssParams, sizeof(tAddBssParams));
vos_mem_free(pAddBssParams);
limMsgQ->bodyptr = NULL;
}
@@ -2693,6 +2695,7 @@
end:
if( 0 != limMsgQ->bodyptr )
{
+ vos_mem_zero(pAddBssParams, sizeof(tAddBssParams));
vos_mem_free(pAddBssParams);
limMsgQ->bodyptr = NULL;
}
@@ -3003,6 +3006,7 @@
if (pAddBssParams != NULL)
{
+ vos_mem_zero(pAddBssParams, sizeof(tAddBssParams));
vos_mem_free(pAddBssParams);
pAddBssParams = NULL;
limMsgQ->bodyptr = NULL;
@@ -3020,6 +3024,7 @@
if (pAddBssParams != NULL)
{
+ vos_mem_zero(pAddBssParams, sizeof(tAddBssParams));
vos_mem_free(pAddBssParams);
pAddBssParams = NULL;
limMsgQ->bodyptr = NULL;
@@ -3177,6 +3182,7 @@
end:
if( 0 != limMsgQ->bodyptr )
{
+ vos_mem_zero(pAddBssParams, sizeof(tAddBssParams));
vos_mem_free(pAddBssParams);
limMsgQ->bodyptr = NULL;
}
@@ -3238,6 +3244,7 @@
pAddBssParams->sessionId);
if( NULL != pAddBssParams )
{
+ vos_mem_zero(pAddBssParams, sizeof(tAddBssParams));
vos_mem_free(pAddBssParams);
limMsgQ->bodyptr = NULL;
}
@@ -3260,6 +3267,7 @@
mlmStartCnf.resultCode = eSIR_SME_BSS_ALREADY_STARTED_OR_JOINED;
if( 0 != limMsgQ->bodyptr )
{
+ vos_mem_zero(pAddBssParams, sizeof(tAddBssParams));
vos_mem_free(pAddBssParams);
limMsgQ->bodyptr = NULL;
}
@@ -3346,6 +3354,7 @@
if((psessionEntry = peFindSessionBySessionId(pMac, sessionId))== NULL)
{
PELOGE(limLog(pMac, LOGE,FL("session does not exist for given sessionId"));)
+ vos_mem_zero(limMsgQ->bodyptr, sizeof(tSetStaKeyParams));
vos_mem_free(limMsgQ->bodyptr);
limMsgQ->bodyptr = NULL;
return;
@@ -3360,6 +3369,7 @@
else
mlmSetKeysCnf.resultCode = (tANI_U16) (((tpSetStaKeyParams) limMsgQ->bodyptr)->status);
+ vos_mem_zero(limMsgQ->bodyptr, sizeof(tSetStaKeyParams));
vos_mem_free(limMsgQ->bodyptr);
limMsgQ->bodyptr = NULL;
// Restore MLME state
@@ -3375,6 +3385,8 @@
(tANI_U8 *) lpLimMlmSetKeysReq->peerMacAddr,
sizeof(tSirMacAddr));
// Free the buffer cached for the global pMac->lim.gpLimMlmSetKeysReq
+ vos_mem_zero(pMac->lim.gpLimMlmSetKeysReq,
+ sizeof(tLimMlmSetKeysReq));
vos_mem_free(pMac->lim.gpLimMlmSetKeysReq);
pMac->lim.gpLimMlmSetKeysReq = NULL;
}
@@ -3401,6 +3413,7 @@
if((psessionEntry = peFindSessionBySessionId(pMac, sessionId))== NULL)
{
PELOGE(limLog(pMac, LOGE,FL("session does not exist for given sessionId"));)
+ vos_mem_zero(limMsgQ->bodyptr, sizeof(tSetBssKeyParams));
vos_mem_free( limMsgQ->bodyptr );
limMsgQ->bodyptr = NULL;
return;
@@ -3429,6 +3442,7 @@
else
mlmSetKeysCnf.resultCode = resultCode;
+ vos_mem_zero(limMsgQ->bodyptr, sizeof(tSetBssKeyParams));
vos_mem_free(limMsgQ->bodyptr);
limMsgQ->bodyptr = NULL;
// Restore MLME state
@@ -3447,6 +3461,8 @@
(tANI_U8 *) lpLimMlmSetKeysReq->peerMacAddr,
sizeof(tSirMacAddr));
// Free the buffer cached for the global pMac->lim.gpLimMlmSetKeysReq
+ vos_mem_zero(pMac->lim.gpLimMlmSetKeysReq,
+ sizeof(tLimMlmSetKeysReq));
vos_mem_free(pMac->lim.gpLimMlmSetKeysReq);
pMac->lim.gpLimMlmSetKeysReq = NULL;
}
@@ -3519,7 +3535,7 @@
// TODO & FIXME_GEN4
// Need to inspect tSirMsgQ.reserved for a valid Dialog token!
//
-
+ vos_mem_zero(limMsgQ->bodyptr, sizeof(tRemoveStaKeyParams));
vos_mem_free(limMsgQ->bodyptr);
limMsgQ->bodyptr = NULL;
@@ -4738,6 +4754,7 @@
end:
if( 0 != limMsgQ->bodyptr )
{
+ vos_mem_zero(pAddBssParams, sizeof(tAddBssParams));
vos_mem_free(pAddBssParams);
limMsgQ->bodyptr = NULL;
}
diff --git a/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c b/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c
index 60a9e0f..92a6096 100644
--- a/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c
+++ b/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c
@@ -3124,6 +3124,8 @@
}
end:
+ vos_mem_zero(pSetContextReq,
+ (sizeof(tSirKeys) * SIR_MAC_MAX_NUM_OF_DEFAULT_KEYS));
vos_mem_free( pSetContextReq);
return;
} /*** end __limProcessSmeSetContextReq() ***/
diff --git a/CORE/MAC/src/pe/lim/limSecurityUtils.c b/CORE/MAC/src/pe/lim/limSecurityUtils.c
index 4b7858b..32251c0 100644
--- a/CORE/MAC/src/pe/lim/limSecurityUtils.c
+++ b/CORE/MAC/src/pe/lim/limSecurityUtils.c
@@ -797,6 +797,7 @@
/// Free up buffer allocated for mlmSetKeysReq
+ vos_mem_zero(pMlmSetKeysReq, sizeof(tLimMlmSetKeysReq));
vos_mem_free( pMlmSetKeysReq );
pMac->lim.gpLimMlmSetKeysReq = NULL;
diff --git a/CORE/MAC/src/pe/lim/limSerDesUtils.c b/CORE/MAC/src/pe/lim/limSerDesUtils.c
index e5e5cb0..2784ebc 100644
--- a/CORE/MAC/src/pe/lim/limSerDesUtils.c
+++ b/CORE/MAC/src/pe/lim/limSerDesUtils.c
@@ -1887,6 +1887,7 @@
do {
tANI_U32 keySize = limGetKeysInfo(pMac, (tpSirKeys) pKeys,
pBuf);
+ vos_mem_zero(pBuf, keySize);
pBuf += keySize;
pKeys += sizeof(tSirKeys);
totalKeySize += (tANI_U16) keySize;
diff --git a/CORE/SME/src/sme_common/sme_Api.c b/CORE/SME/src/sme_common/sme_Api.c
index e0d5110..9e367e1 100644
--- a/CORE/SME/src/sme_common/sme_Api.c
+++ b/CORE/SME/src/sme_common/sme_Api.c
@@ -2285,6 +2285,8 @@
if (pMsg->bodyptr)
{
sme_ProcessGetGtkInfoRsp(pMac, pMsg->bodyptr);
+ vos_mem_zero(pMsg->bodyptr,
+ sizeof(tSirGtkOffloadGetInfoRspParams));
vos_mem_free(pMsg->bodyptr);
}
else
diff --git a/CORE/SME/src/sme_common/sme_FTApi.c b/CORE/SME/src/sme_common/sme_FTApi.c
index a098388..95bcd50 100644
--- a/CORE/SME/src/sme_common/sme_FTApi.c
+++ b/CORE/SME/src/sme_common/sme_FTApi.c
@@ -535,6 +535,8 @@
if (pMac->ft.ftSmeContext.pCsrFTKeyInfo != NULL)
{
+ vos_mem_zero(pMac->ft.ftSmeContext.pCsrFTKeyInfo,
+ sizeof(tCsrRoamSetKey));
vos_mem_free(pMac->ft.ftSmeContext.pCsrFTKeyInfo);
}
pMac->ft.ftSmeContext.pCsrFTKeyInfo = NULL;
diff --git a/CORE/WDA/src/wlan_qct_wda.c b/CORE/WDA/src/wlan_qct_wda.c
index 0bfcf4a..a49a341 100644
--- a/CORE/WDA/src/wlan_qct_wda.c
+++ b/CORE/WDA/src/wlan_qct_wda.c
@@ -3567,6 +3567,8 @@
configBssReqParam->txMgmtPower = wdiConfigBssRsp->ucTxMgmtPower;
#endif
}
+ vos_mem_zero(pWdaParams->wdaWdiApiMsgParam,
+ sizeof(WDI_ConfigBSSReqParamsType));
vos_mem_free(pWdaParams->wdaWdiApiMsgParam);
vos_mem_free(pWdaParams) ;
WDA_SendMsg(pWDA, WDA_ADD_BSS_RSP, (void *)configBssReqParam , 0) ;
@@ -3679,6 +3681,7 @@
staPostAssocParam->bssIdx = wdiPostAssocRsp->bssParams.ucBSSIdx;
selfStaPostAssocParam->staIdx = wdiPostAssocRsp->staParams.ucSTAIdx;
}
+ vos_mem_zero(pWDA->wdaWdiApiMsgParam, sizeof(WDI_PostAssocReqParamsType));
vos_mem_free(pWDA->wdaWdiApiMsgParam) ;
pWDA->wdaWdiApiMsgParam = NULL;
pWDA->wdaMsgParam = NULL;
@@ -4863,6 +4866,8 @@
}
pWDA = (tWDA_CbContext *)pWdaParams->pWdaContext;
setBssKeyParams = (tSetBssKeyParams *)pWdaParams->wdaMsgParam;
+ vos_mem_zero(pWdaParams->wdaWdiApiMsgParam,
+ sizeof(WDI_SetBSSKeyReqParamsType));
vos_mem_free(pWdaParams->wdaWdiApiMsgParam);
vos_mem_free(pWdaParams) ;
setBssKeyParams->status = status ;
@@ -5098,6 +5103,8 @@
}
pWDA = (tWDA_CbContext *)pWdaParams->pWdaContext;
setStaKeyParams = (tSetStaKeyParams *)pWdaParams->wdaMsgParam;
+ vos_mem_zero(pWdaParams->wdaWdiApiMsgParam,
+ sizeof(WDI_SetSTAKeyReqParamsType));
vos_mem_free(pWdaParams->wdaWdiApiMsgParam);
vos_mem_free(pWdaParams) ;
setStaKeyParams->status = status ;
@@ -11148,6 +11155,10 @@
if(IS_WDI_STATUS_FAILURE(wdiStatus))
{
+ vos_mem_zero(pWdaParams->wdaWdiApiMsgParam,
+ sizeof(WDI_GtkOffloadReqMsg));
+ vos_mem_zero(pWdaParams->wdaMsgParam,
+ sizeof(tSirGtkOffloadParams));
vos_mem_free(pWdaParams->wdaWdiApiMsgParam);
vos_mem_free(pWdaParams->wdaMsgParam);
vos_mem_free(pWdaParams);
@@ -11222,6 +11233,8 @@
{
VOS_TRACE( VOS_MODULE_ID_WDA, VOS_TRACE_LEVEL_ERROR,
"Failure in WDA_ProcessGTKOffloadReq(), free all the memory " );
+ vos_mem_zero(wdiGtkOffloadReqMsg, sizeof(WDI_GtkOffloadReqMsg));
+ vos_mem_zero(pGtkOffloadParams, sizeof(tSirGtkOffloadParams));
vos_mem_free(pWdaParams->wdaWdiApiMsgParam) ;
vos_mem_free(pWdaParams->wdaMsgParam);
vos_mem_free(pWdaParams);
@@ -11290,6 +11303,8 @@
if (VOS_STATUS_SUCCESS != vos_mq_post_message(VOS_MQ_ID_SME, (vos_msg_t*)&vosMsg))
{
/* free the mem and return */
+ vos_mem_zero(pGtkOffloadGetInfoRsp,
+ sizeof(tSirGtkOffloadGetInfoRspParams));
vos_mem_free((v_VOID_t *) pGtkOffloadGetInfoRsp);
}
diff --git a/CORE/WDI/CP/src/wlan_qct_wdi.c b/CORE/WDI/CP/src/wlan_qct_wdi.c
index fddb8ab..9a5d705 100644
--- a/CORE/WDI/CP/src/wlan_qct_wdi.c
+++ b/CORE/WDI/CP/src/wlan_qct_wdi.c
@@ -8579,7 +8579,7 @@
pWDICtx->wdiReqStatusCB = pwdiConfigBSSParams->wdiReqStatusCB;
pWDICtx->pReqStatusUserData = pwdiConfigBSSParams->pUserData;
-
+ wpalMemoryZero(&halConfigBssReqMsg, sizeof(halConfigBssReqMsg));
/*-------------------------------------------------------------------------
Send Config BSS Request to HAL
-------------------------------------------------------------------------*/
@@ -8925,6 +8925,7 @@
pwdiPostAssocParams,
sizeof(pWDICtx->wdiCachedPostAssocReq));
+ wpalMemoryZero(&halPostAssocReqMsg, sizeof(halPostAssocReqMsg));
/*-------------------------------------------------------------------------
Send Post Assoc Request to HAL
-------------------------------------------------------------------------*/
@@ -9482,7 +9483,7 @@
pWDICtx->wdiReqStatusCB = pwdiSetSTAKeyParams->wdiReqStatusCB;
pWDICtx->pReqStatusUserData = pwdiSetSTAKeyParams->pUserData;
-
+ wpalMemoryZero(&halSetStaKeyReqMsg, sizeof(halSetStaKeyReqMsg));
/*-------------------------------------------------------------------------
Send Set STA Key Request to HAL
-------------------------------------------------------------------------*/
diff --git a/CORE/WDI/TRP/CTS/src/wlan_qct_wdi_cts.c b/CORE/WDI/TRP/CTS/src/wlan_qct_wdi_cts.c
index 82ac70e..41b6e37 100644
--- a/CORE/WDI/TRP/CTS/src/wlan_qct_wdi_cts.c
+++ b/CORE/WDI/TRP/CTS/src/wlan_qct_wdi_cts.c
@@ -310,6 +310,7 @@
pWCTSCb->wctsRxMsgCBData);
/* Free the allocated buffer*/
+ wpalMemoryZero(buffer, bytes_read);
wpalMemoryFree(buffer);
}
@@ -394,6 +395,7 @@
}
/* whether we had success or failure, reclaim all memory */
+ wpalMemoryZero(pBuffer, len);
wpalMemoryFree(pBuffer);
wpalMemoryFree(pBufferQueue);
@@ -961,6 +963,7 @@
return eWLAN_PAL_STATUS_E_FAILURE;
} else if (written == len) {
/* Message sent! No deferred state, free the buffer*/
+ wpalMemoryZero(pMsg, len);
wpalMemoryFree(pMsg);
} else {
/* This much data cannot be written at this time,