Re: [Patch 2.6] dm-crypt: zero key before freeing it

Once the page is placed on the free list, doesn't that prevent it from being swapped out? swsusp doesn't bother saving free pages, and before the pages can be recycled, the kernel zeros them, right?

Stefan Rompf wrote:
Hi Andrew,

dm-crypt does not clear struct crypt_config before freeing it. Thus, information on the key could leak f.e. to a swsusp image even after the encrypted device has been removed. The attached patch against 2.6.14 / 2.6.15 fixes it.

Signed-off-by: Stefan Rompf <[email protected]>
Acked-by: Clemens Fruhwirth <[email protected]>

--- linux-2.6.14.4/drivers/md/dm-crypt.c.old	2005-12-16 18:27:05.000000000 +0100
+++ linux-2.6.14.4/drivers/md/dm-crypt.c	2005-12-28 12:49:13.000000000 +0100
@@ -694,6 +694,7 @@ bad3:
 bad2:
 	crypto_free_tfm(tfm);
 bad1:
+	memset(cc, 0, sizeof(*cc) + cc->key_size * sizeof(u8));
 	kfree(cc);
 	return -EINVAL;
 }
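Review bot: the length passed to memset() at bad1 is computed from cc->key_size, so every failure path that jumps to bad1 has to run after key_size has been assigned, and the visible lines do not show that. Please confirm it, or zero using the same size that was passed to the allocation. A one-line comment saying the memset is there to scrub key material would also keep a later cleanup from dropping it as a redundant store before kfree(cc).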
@@ -710,6 +711,7 @@ static void crypt_dtr(struct dm_target *
 		cc->iv_gen_ops->dtr(cc);
 	crypto_free_tfm(cc->tfm);
 	dm_put_device(ti, cc->dev);
+	memset(cc, 0, sizeof(*cc) + cc->key_size * sizeof(u8));
 	kfree(cc);
 }
-
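Review bot: in crypt_dtr the memset only covers cc and the key bytes stored behind it. The cipher state released by crypto_free_tfm(cc->tfm) two lines earlier is a separate object, and nothing in this hunk shows whether it is scrubbed before being freed, so it is worth confirming that, or saying so in the changelog. The size expression sizeof(*cc) + cc->key_size * sizeof(u8) is now duplicated in both hunks; a small helper that zeroes and frees cc would keep the two call sites from drifting apart.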

