git.baikalelectronics.ru Git - kernel.git/commit

author	Eric Biggers <ebiggers@google.com>
	Thu, 8 Jun 2017 13:49:26 +0000 (14:49 +0100)
committer	James Morris <james.l.morris@oracle.com>
	Fri, 9 Jun 2017 03:29:48 +0000 (13:29 +1000)
commit	97d264c921b5d6042cff5823829a8b30cf48b0f4
tree	e946b82852f2e72c559a1acaa458e7d6e0173acc	tree \| snapshot
parent	b1a6a23c935b0ca057c0123330d42cfa7340de85	commit \| diff

KEYS: sanitize key structs before freeing

While a 'struct key' itself normally does not contain sensitive
information, Documentation/security/keys.txt actually encourages this:

     "Having a payload is not required; and the payload can, in fact,
     just be a value stored in the struct key itself."

In case someone has taken this advice, or will take this advice in the
future, zero the key structure before freeing it.  We might as well, and
as a bonus this could make it a bit more difficult for an adversary to
determine which keys have recently been in use.

This is safe because the key_jar cache does not use a constructor.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>

include/linux/key.h		diff \| blob \| history
security/keys/gc.c		diff \| blob \| history