diff --git a/core/hdd/src/wlan_hdd_cfg80211.c b/core/hdd/src/wlan_hdd_cfg80211.c index b381b0c53c..4acd479a89 100644 --- a/core/hdd/src/wlan_hdd_cfg80211.c +++ b/core/hdd/src/wlan_hdd_cfg80211.c @@ -4647,6 +4647,7 @@ static int __wlan_hdd_cfg80211_keymgmt_set_key(struct wiphy *wiphy, qdf_mem_copy(local_pmk, data, data_len); sme_roam_set_psk_pmk(mac_handle, hdd_adapter->vdev_id, local_pmk, data_len); + qdf_mem_zero(&local_pmk, SIR_ROAM_SCAN_PSK_SIZE); return 0; } @@ -19572,7 +19573,9 @@ static int __wlan_hdd_cfg80211_set_pmksa(struct wiphy *wiphy, sme_set_del_pmkid_cache(mac_handle, adapter->vdev_id, &pmk_cache, true); + qdf_mem_zero(&pmk_cache, sizeof(pmk_cache)); hdd_exit(); + return QDF_IS_STATUS_SUCCESS(result) ? 0 : -EINVAL; } @@ -19665,6 +19668,8 @@ static int __wlan_hdd_cfg80211_del_pmksa(struct wiphy *wiphy, sme_set_del_pmkid_cache(mac_handle, adapter->vdev_id, &pmk_cache, false); + qdf_mem_zero(&pmk_cache, sizeof(pmk_cache)); + hdd_exit(); return status; } diff --git a/core/hdd/src/wlan_hdd_main.c b/core/hdd/src/wlan_hdd_main.c index 32bb1a92ed..af9c37bf49 100644 --- a/core/hdd/src/wlan_hdd_main.c +++ b/core/hdd/src/wlan_hdd_main.c @@ -5446,6 +5446,13 @@ QDF_STATUS hdd_stop_adapter(struct hdd_context *hdd_ctx, wlan_hdd_cleanup_actionframe(adapter); wlan_hdd_cleanup_remain_on_channel_ctx(adapter); hdd_clear_fils_connection_info(adapter); + + status = sme_roam_del_pmkid_from_cache(mac_handle, + adapter->vdev_id, + NULL, true); + if (QDF_IS_STATUS_ERROR(status)) + hdd_err("Cannot flush PMKIDCache"); + hdd_deregister_tx_flow_control(adapter); #ifdef WLAN_OPEN_SOURCE diff --git a/core/sme/src/common/sme_api.c b/core/sme/src/common/sme_api.c index a0ba827621..2206c566a5 100644 --- a/core/sme/src/common/sme_api.c +++ b/core/sme/src/common/sme_api.c @@ -13639,7 +13639,10 @@ send_flush_cmd: QDF_MODULE_ID_WMA, QDF_MODULE_ID_WMA, &msg)) { sme_err("Not able to post message to WDA"); - qdf_mem_free(pmk_cache); + if (pmk_cache) { + qdf_mem_zero(pmk_cache, sizeof(*pmk_cache)); + qdf_mem_free(pmk_cache); + } return QDF_STATUS_E_FAILURE; } diff --git a/core/sme/src/csr/csr_api_roam.c b/core/sme/src/csr/csr_api_roam.c index 4ab041f619..9b6cea9727 100644 --- a/core/sme/src/csr/csr_api_roam.c +++ b/core/sme/src/csr/csr_api_roam.c @@ -14188,6 +14188,18 @@ csr_roam_set_pmkid_cache(struct mac_context *mac, uint32_t sessionId, return QDF_STATUS_SUCCESS; } +#ifdef WLAN_FEATURE_ROAM_OFFLOAD +static void csr_mem_zero_psk_pmk(struct csr_roam_session *session) +{ + qdf_mem_zero(session->psk_pmk, sizeof(session->psk_pmk)); + session->pmk_len = 0; +} +#else +static void csr_mem_zero_psk_pmk(struct csr_roam_session *session) +{ +} +#endif + QDF_STATUS csr_roam_del_pmkid_from_cache(struct mac_context *mac, uint32_t sessionId, tPmkidCacheInfo *pmksa, @@ -14217,6 +14229,7 @@ QDF_STATUS csr_roam_del_pmkid_from_cache(struct mac_context *mac, sizeof(tPmkidCacheInfo) * CSR_MAX_PMKID_ALLOWED); pSession->NumPmkidCache = 0; pSession->curr_cache_idx = 0; + csr_mem_zero_psk_pmk(pSession); return QDF_STATUS_SUCCESS; } diff --git a/core/sme/src/csr/csr_util.c b/core/sme/src/csr/csr_util.c index 6eb1f09bc5..34c5f37dcc 100644 --- a/core/sme/src/csr/csr_util.c +++ b/core/sme/src/csr/csr_util.c @@ -4017,6 +4017,8 @@ uint8_t csr_construct_rsn_ie(struct mac_context *mac, uint32_t sessionId, } session->rsn_caps = RSNCapabilities; + qdf_mem_zero(&pmkid_cache, sizeof(pmkid_cache)); + #ifdef WLAN_FEATURE_11W /* Advertise BIP in group cipher key management only if PMF is * enabled and AP is capable. diff --git a/core/wma/src/wma_main.c b/core/wma/src/wma_main.c index f803d12993..3614bfd8ce 100644 --- a/core/wma/src/wma_main.c +++ b/core/wma/src/wma_main.c @@ -8892,7 +8892,11 @@ static QDF_STATUS wma_mc_process_msg(struct scheduler_msg *msg) break; case SIR_HAL_SET_DEL_PMKID_CACHE: wma_set_del_pmkid_cache(wma_handle, msg->bodyptr); - qdf_mem_free(msg->bodyptr); + if (msg->bodyptr) { + qdf_mem_zero(msg->bodyptr, + sizeof(struct wmi_unified_pmk_cache)); + qdf_mem_free(msg->bodyptr); + } break; case SIR_HAL_HLP_IE_INFO: wma_roam_scan_send_hlp(wma_handle,