LinuxLists.cc - [PATCH net v1] net: ipv4: Use kfree

2023-07-17 10:34:08

Subject: [PATCH net v1] net: ipv4: Use kfree_sensitive instead of kfree

key might contain private part of the key, so better use
kfree_sensitive to free it.

Fixes: 38320c70d282 ("[IPSEC]: Use crypto_aead and authenc in ESP")
Signed-off-by: Wang Ming <[email protected]>
---
net/ipv4/esp4.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index ba06ed42e428..2be2d4922557 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -1132,7 +1132,7 @@ static int esp_init_authenc(struct xfrm_state *x,
err = crypto_aead_setkey(aead, key, keylen);

free_key:
- kfree(key);
+ kfree_sensitive(key);

error:
return err;
--
2.25.1

2023-07-17 19:18:58

by Tariq Toukan

[permalink] [raw]

Subject: Re: [PATCH net v1] net: ipv4: Use kfree_sensitive instead of kfree

On 17/07/2023 12:59, Wang Ming wrote:
> key might contain private part of the key, so better use
> kfree_sensitive to free it.
>
> Fixes: 38320c70d282 ("[IPSEC]: Use crypto_aead and authenc in ESP")
> Signed-off-by: Wang Ming <[email protected]>
> ---
> net/ipv4/esp4.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
> index ba06ed42e428..2be2d4922557 100644
> --- a/net/ipv4/esp4.c
> +++ b/net/ipv4/esp4.c
> @@ -1132,7 +1132,7 @@ static int esp_init_authenc(struct xfrm_state *x,
> err = crypto_aead_setkey(aead, key, keylen);
>
> free_key:
> - kfree(key);
> + kfree_sensitive(key);
>
> error:
> return err;

LGTM.
Reviewed-by: Tariq Toukan <[email protected]>

2023-07-17 19:34:55

by Kuniyuki Iwashima

[permalink] [raw]

Subject: Re: [PATCH net v1] net: ipv4: Use kfree_sensitive instead of kfree

From: Wang Ming <[email protected]>
Date: Mon, 17 Jul 2023 17:59:19 +0800
> key might contain private part of the key, so better use
> kfree_sensitive to free it.
>
> Fixes: 38320c70d282 ("[IPSEC]: Use crypto_aead and authenc in ESP")
> Signed-off-by: Wang Ming <[email protected]>

Reviewed-by: Kuniyuki Iwashima <[email protected]>

> ---
> net/ipv4/esp4.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
> index ba06ed42e428..2be2d4922557 100644
> --- a/net/ipv4/esp4.c
> +++ b/net/ipv4/esp4.c
> @@ -1132,7 +1132,7 @@ static int esp_init_authenc(struct xfrm_state *x,
> err = crypto_aead_setkey(aead, key, keylen);
>
> free_key:
> - kfree(key);
> + kfree_sensitive(key);
>
> error:
> return err;
> --
> 2.25.1

2023-07-19 10:20:39

by patchwork-bot+netdevbpf

[permalink] [raw]

Subject: Re: [PATCH net v1] net: ipv4: Use kfree_sensitive instead of kfree

Hello:

This patch was applied to netdev/net.git (main)
by David S. Miller <[email protected]>:

On Mon, 17 Jul 2023 17:59:19 +0800 you wrote:
> key might contain private part of the key, so better use
> kfree_sensitive to free it.
>
> Fixes: 38320c70d282 ("[IPSEC]: Use crypto_aead and authenc in ESP")
> Signed-off-by: Wang Ming <[email protected]>
> ---
> net/ipv4/esp4.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

Here is the summary with links:
- [net,v1] net: ipv4: Use kfree_sensitive instead of kfree
https://git.kernel.org/netdev/net/c/daa751444fd9

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html