Commit f8758659 authored May 23, 2025 by Zilin Guan Committed by Johannes Berg Jun 11, 2025

wifi: cfg80211: use kfree_sensitive() for connkeys cleanup



The nl80211_parse_connkeys() function currently uses kfree() to release
the 'result' structure in error handling paths. However, if an error
occurs due to result->def being less than 0, the 'result' structure may
contain sensitive information.

To prevent potential leakage of sensitive data, replace kfree() with
kfree_sensitive() when freeing 'result'. This change aligns with the
approach used in its caller, nl80211_join_ibss(), enhancing the overall
security of the wireless subsystem.

Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
Link: https://patch.msgid.link/20250523110156.4017111-1-zilin@seu.edu.cn


Signed-off-by: Johannes Berg <johannes.berg@intel.com>

parent 8d603508

net/wireless/nl80211.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1583,7 +1583,7 @@ nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,

		return result;
		error:
		kfree(result);
		kfree_sensitive(result);
		return ERR_PTR(err);
		}