diff options
| author | Stefan Rompf <stefan@loplof.de> | 2006-01-06 03:20:08 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-01-06 11:34:01 -0500 |
| commit | 9d3520a339d62f942085e9888f66905eb8b350bd (patch) | |
| tree | 622374ba69e8430ec2ec8d7b00a3d28990659d45 | |
| parent | 0b56306e56784d0513e1193d58c05a6bd97bd1a9 (diff) | |
[PATCH] dm-crypt: zero key before freeing it
Zap the memory before freeing it so we don't leave crypto information
around in memory.
Signed-off-by: Stefan Rompf <stefan@loplof.de>
Acked-by: Clemens Fruhwirth <clemens@endorphin.org>
Acked-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| -rw-r--r-- | drivers/md/dm-crypt.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index cf6631056683..a601a427885c 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c | |||
| @@ -690,6 +690,8 @@ bad3: | |||
| 690 | bad2: | 690 | bad2: |
| 691 | crypto_free_tfm(tfm); | 691 | crypto_free_tfm(tfm); |
| 692 | bad1: | 692 | bad1: |
| 693 | /* Must zero key material before freeing */ | ||
| 694 | memset(cc, 0, sizeof(*cc) + cc->key_size * sizeof(u8)); | ||
| 693 | kfree(cc); | 695 | kfree(cc); |
| 694 | return -EINVAL; | 696 | return -EINVAL; |
| 695 | } | 697 | } |
| @@ -706,6 +708,9 @@ static void crypt_dtr(struct dm_target *ti) | |||
| 706 | cc->iv_gen_ops->dtr(cc); | 708 | cc->iv_gen_ops->dtr(cc); |
| 707 | crypto_free_tfm(cc->tfm); | 709 | crypto_free_tfm(cc->tfm); |
| 708 | dm_put_device(ti, cc->dev); | 710 | dm_put_device(ti, cc->dev); |
| 711 | |||
| 712 | /* Must zero key material before freeing */ | ||
| 713 | memset(cc, 0, sizeof(*cc) + cc->key_size * sizeof(u8)); | ||
| 709 | kfree(cc); | 714 | kfree(cc); |
| 710 | } | 715 | } |
| 711 | 716 | ||