Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1769450imm; Thu, 27 Sep 2018 02:08:42 -0700 (PDT) X-Google-Smtp-Source: ACcGV61XFf7/iQ4ZWErV5U0GNd060x8gNNUZs9M77Q0htpAPkOVGnoiJQvG1MWszWbcQTCeaGu/z X-Received: by 2002:a62:2646:: with SMTP id m67-v6mr10380598pfm.254.1538039322861; Thu, 27 Sep 2018 02:08:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538039322; cv=none; d=google.com; s=arc-20160816; b=aken47wqiuJwEBnR8Sx9b3GLV/ZLCXhecGOCu26isGc4VKOjR0tx/wzCSfxEe81vln ecciIp1NycHPfcEkmOkqxrAU+x4Gw/1hc80YzsT/JuVy6hDNBUAChIqYH2Bik4TnJB0M wkysTpwitZw8fe97BpqBuRVpoYisybR6K393Tnu843MayIbigvMtCoojnPftYbwVRMvK i+d0DspPAyH4TnfoX1wOSojZ7dsmEt9mq9nAY8NTWM7CpDTL1V+0zBA7GyNsbv7j0g51 EUSEnfnu1u5CHoRM+E98SczI5xYvApIvFC0XHXQHclZ6/1fOftu9SL/+3893V5ekTSyO AJVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from; bh=/kiA5/UDNZurCYFCQOPGBcs198mczS8oN0jp52xNRFg=; b=v36H3ApawcRkoeAffbPHO2UsTHXxqiGNimUBYW7QrVym4zNwHmqjlxVyjvbvDz0Koi B7BHlotg5bLbWoy5o7YVxXxGaRM+VxT327sFQV35Bd79WbqFyz68PkmNZU4AoXPuc3Kl dSEE4Ij9LBGnUA9r7M8x17UvMLfxkfw9U5WP7lR37vm0hOJefp8r1aZuFHJH+1SfYGzT BmGe8DJXeCozrNNikVMsPWexSqtzEyF2TqZNnnkXGWnf78YAhLyk2pOSvk3w1DteOhxN ngOt/PwTUgTCFIanOJ4TjZzdWtwxjv3Ot39F/aOKeru9qFIkIiJXXn5M50e3npzssWXI oJNQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b10-v6si1637337pla.253.2018.09.27.02.08.27; Thu, 27 Sep 2018 02:08:42 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727653AbeI0PZH (ORCPT + 99 others); Thu, 27 Sep 2018 11:25:07 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:54890 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727020AbeI0PZH (ORCPT ); Thu, 27 Sep 2018 11:25:07 -0400 Received: from localhost (ip-213-127-77-73.ip.prioritytelecom.net [213.127.77.73]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id EC92710C7; Thu, 27 Sep 2018 09:07:51 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sabrina Dubroca , "David S. Miller" Subject: [PATCH 4.18 10/88] tls: clear key material from kernel memory when do_tls_setsockopt_conf fails Date: Thu, 27 Sep 2018 11:02:51 +0200 Message-Id: <20180927090301.784644648@linuxfoundation.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20180927090300.631426620@linuxfoundation.org> References: <20180927090300.631426620@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Sabrina Dubroca [ Upstream commit c844eb46b7d43c2cf760169df5ae1d5b033af338 ] Fixes: 3c4d7559159b ("tls: kernel TLS support") Signed-off-by: Sabrina Dubroca Signed-off-by: Sabrina Dubroca Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/tls/tls_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -502,7 +502,7 @@ static int do_tls_setsockopt_conf(struct goto out; err_crypto_info: - memset(crypto_info, 0, sizeof(*crypto_info)); + memzero_explicit(crypto_info, sizeof(union tls_crypto_context)); out: return rc; }