diff options
author | Enzo Matsumiya <ematsumiya@suse.de> | 2022-09-20 15:10:35 -0300 |
---|---|---|
committer | Steve French <stfrench@microsoft.com> | 2022-10-07 23:06:48 -0500 |
commit | a4e430c8c8ba96be8c6ec4f2eb108bb8bcbee069 (patch) | |
tree | ff8fb70c06b5dd58f6c8d89a0b5d4d19c5a4fc5d /fs/cifs/cifsencrypt.c | |
parent | f5823f5ee36040c2a8b8b36afe0783fe0bd7ad14 (diff) |
cifs: replace kfree() with kfree_sensitive() for sensitive data
Replace kfree with kfree_sensitive, or prepend memzero_explicit() in
other cases, when freeing sensitive material that could still be left
in memory.
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
Reported-by: kernel test robot <oliver.sang@intel.com>
Link: https://lore.kernel.org/r/202209201529.ec633796-oliver.sang@intel.com
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs/cifs/cifsencrypt.c')
-rw-r--r-- | fs/cifs/cifsencrypt.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c index 46f5718754f9..d848bc0aac27 100644 --- a/fs/cifs/cifsencrypt.c +++ b/fs/cifs/cifsencrypt.c @@ -679,7 +679,7 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp) unlock: cifs_server_unlock(ses->server); setup_ntlmv2_rsp_ret: - kfree(tiblob); + kfree_sensitive(tiblob); return rc; } @@ -753,14 +753,14 @@ cifs_crypto_secmech_release(struct TCP_Server_Info *server) server->secmech.ccmaesdecrypt = NULL; } - kfree(server->secmech.sdesccmacaes); + kfree_sensitive(server->secmech.sdesccmacaes); server->secmech.sdesccmacaes = NULL; - kfree(server->secmech.sdeschmacsha256); + kfree_sensitive(server->secmech.sdeschmacsha256); server->secmech.sdeschmacsha256 = NULL; - kfree(server->secmech.sdeschmacmd5); + kfree_sensitive(server->secmech.sdeschmacmd5); server->secmech.sdeschmacmd5 = NULL; - kfree(server->secmech.sdescmd5); + kfree_sensitive(server->secmech.sdescmd5); server->secmech.sdescmd5 = NULL; - kfree(server->secmech.sdescsha512); + kfree_sensitive(server->secmech.sdescsha512); server->secmech.sdescsha512 = NULL; } |