[PATCH] dm-crypt: zero key before freeing it

Zap the memory before freeing it so we don't leave crypto information around in memory. Signed-off-by: Stefan Rompf <stefan@loplof.de> Acked-by: Clemens Fruhwirth <clemens@endorphin.org> Acked-by: Alasdair G Kergon <agk@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-01-06 00:20:08 -08:00 · 2006-01-06 00:20:08 -08:00 · 9d3520a339
commit 9d3520a339
parent 0b56306e56
1 changed files with 5 additions and 0 deletions
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@ -690,6 +690,8 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
 bad2:
 	crypto_free_tfm(tfm);
 bad1:
+	/* Must zero key material before freeing */
+	memset(cc, 0, sizeof(*cc) + cc->key_size * sizeof(u8));
 	kfree(cc);
 	return -EINVAL;
 }
@ -706,6 +708,9 @@ static void crypt_dtr(struct dm_target *ti)
 		cc->iv_gen_ops->dtr(cc);
 	crypto_free_tfm(cc->tfm);
 	dm_put_device(ti, cc->dev);
+
+	/* Must zero key material before freeing */
+	memset(cc, 0, sizeof(*cc) + cc->key_size * sizeof(u8));
 	kfree(cc);
 }