wireless: mlock the network structure

openSUSE · May 6, 2014 · 105df74 · 105df74
1 parent 593b9c0
commit 105df74
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/include/wicked/wireless.h b/include/wicked/wireless.h
@@ -7,6 +7,8 @@
 #ifndef __WICKED_WIRELESS_H__
 #define __WICKED_WIRELESS_H__
 
+#include <sys/mman.h>
+
 #include <wicked/types.h>
 #include <wicked/util.h>
 #include <wicked/logging.h>
@@ -352,6 +354,9 @@ ni_wireless_passwd_clear(ni_wireless_network_t *net)
 		ni_string_clear(&net->wpa_psk.passphrase);
 		ni_string_clear(&net->wpa_eap.phase2.password);
 		ni_string_clear(&net->wpa_eap.tls.client_key_passwd);
+
+		/* No need to   lock  that page in memory anymore */
+		munlock(net, sizeof(*net));
 	}
 }
 

diff --git a/src/wireless.c b/src/wireless.c
@@ -947,6 +947,13 @@ ni_wireless_network_new(void)
 	ni_wireless_network_t *net;
 
 	net = xcalloc(1, sizeof(ni_wireless_network_t));
+
+	/* Locking network to protect secrets */
+	if (ni_try_mlock(net, sizeof(*net)) == FALSE) {
+		free(net);
+		return NULL;
+	}
+
 	net->refcount = 1;
 
 	net->scan_ssid = TRUE;