security: wipe passphrases, bind hidden stash to SSID, re-register agent

Wipe passphrase memory in the auth and hidden-network dialogs (explicit_bzero on owned copies plus overwriting the elm_entry buffer before destruction) so secrets don't linger on the heap.

Bind the hidden-network passphrase stash to its SSID with a 30s timeout, so a typo'd or out-of-range hidden connect can't leak its passphrase to an unrelated network whose RequestPassphrase happens to land first.

Re-RegisterAgent on iwd NameOwnerChanged so PSK connects survive systemctl restart iwd instead of silently hanging.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
parent
5844e2265e
commit
0ab9561d2b
8 changed files with 161 additions and 51 deletions
@ -222,7 +222,14 @@ _on_iface_removed(void *data, const char *path, const char *iface)
|
|||
}
|
||||
|
||||
static void
|
||||
_on_name_appeared(void *data EINA_UNUSED) { /* GetManagedObjects will populate */ }
|
||||
_on_name_appeared(void *data)
|
||||
{
|
||||
/* GetManagedObjects will repopulate adapters/devices/networks; we just
|
||||
* need to re-register our agent against the new iwd instance. Without
|
||||
* this, PSK connects silently hang after `systemctl restart iwd`. */
|
||||
Iwd_Manager *m = data;
|
||||
if (m && m->agent) iwd_agent_register(m->agent);
|
||||
}
|
||||
|
||||
static void
|
||||
_on_name_vanished(void *data)
|
||||
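Review bot: In `_on_name_appeared`, nothing observes whether `iwd_agent_register(m->agent)` succeeded, so a failed re-registration against the new iwd instance would leave PSK connects hanging just as silently as the comment says they did before. Consider logging the failure, or retrying, either at this call site or in the register call's reply handling. Since this callback no longer has an empty body, it is also worth confirming that it cannot fire for the initial name appearance while the agent is being registered elsewhere at startup, which would register the same agent twice.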