[PATCH] dm-crypt: zero key before freeing it

Zap the memory before freeing it so we don't leave crypto information around in memory. Signed-off-by: N Stefan Rompf <stefan@loplof.de> Acked-by: N Clemens Fruhwirth <clemens@endorphin.org> Acked-by: N Alasdair G Kergon <agk@redhat.com> Signed-off-by: N Andrew Morton <akpm@osdl.org> Signed-off-by: N Linus Torvalds <torvalds@osdl.org>

[PATCH] dm-crypt: zero key before freeing it
Zap the memory before freeing it so we don't leave crypto information around in memory. Signed-off-by: N Stefan Rompf <stefan@loplof.de> Acked-by: N Clemens Fruhwirth <clemens@endorphin.org> Acked-by: N Alasdair G Kergon <agk@redhat.com> Signed-off-by: N Andrew Morton <akpm@osdl.org> Signed-off-by: N Linus Torvalds <torvalds@osdl.org>
9d3520a3 · Stefan Rompf · Linus Torvalds · 0b56306e · 9d3520a3
隐藏空白更改
内联并排

Showing with 5 addition and 0 deletion

drivers/md/dm-crypt.c drivers/md/dm-crypt.c +5 -0

未找到文件。
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -690,6 +690,8 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
 bad2:
 	crypto_free_tfm(tfm);
 bad1:
+	/* Must zero key material before freeing */
+	memset(cc, 0, sizeof(*cc) + cc->key_size * sizeof(u8));
 	kfree(cc);
 	return -EINVAL;
 }
@@ -706,6 +708,9 @@ static void crypt_dtr(struct dm_target *ti)
 		cc->iv_gen_ops->dtr(cc);
 	crypto_free_tfm(cc->tfm);
 	dm_put_device(ti, cc->dev);
+
+	/* Must zero key material before freeing */
+	memset(cc, 0, sizeof(*cc) + cc->key_size * sizeof(u8));
 	kfree(cc);
 }