dm crypt: wipe keys string immediately after key is set

Always wipe the original copy of the key after processing it in crypt_set_key(). Signed-off-by: N Milan Broz <mbroz@redhat.com> Acked-by: N Mike Snitzer <snitzer@redhat.com> Signed-off-by: N Alasdair G Kergon <agk@redhat.com>

dm crypt: wipe keys string immediately after key is set
Always wipe the original copy of the key after processing it in crypt_set_key(). Signed-off-by: N Milan Broz <mbroz@redhat.com> Acked-by: N Mike Snitzer <snitzer@redhat.com> Signed-off-by: N Alasdair G Kergon <agk@redhat.com>
de8be5ac · Milan Broz · Alasdair G Kergon · 3407ef52 · de8be5ac
隐藏空白更改
内联并排

Showing with 14 addition and 5 deletion

drivers/md/dm-crypt.c drivers/md/dm-crypt.c +14 -5

未找到文件。
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -1331,20 +1331,29 @@ static int crypt_setkey_allcpus(struct crypt_config *cc)

 static int crypt_set_key(struct crypt_config *cc, char *key)
 {
+	int r = -EINVAL;
+	int key_string_len = strlen(key);
+
 	/* The key size may not be changed. */
-	if (cc->key_size != (strlen(key) >> 1))
-		return -EINVAL;
+	if (cc->key_size != (key_string_len >> 1))
+		goto out;

 	/* Hyphen (which gives a key_size of zero) means there is no key. */
 	if (!cc->key_size && strcmp(key, "-"))
-		return -EINVAL;
+		goto out;

 	if (cc->key_size && crypt_decode_key(cc->key, key, cc->key_size) < 0)
-		return -EINVAL;
+		goto out;

 	set_bit(DM_CRYPT_KEY_VALID, &cc->flags);

-	return crypt_setkey_allcpus(cc);
+	r = crypt_setkey_allcpus(cc);
+
+out:
+	/* Hex key string not needed after here, so wipe it. */
+	memset(key, '0', key_string_len);
+
+	return r;
 }

 static int crypt_wipe_key(struct crypt_config *cc)