Patchwork [3.5.y.z,extended,stable] Patch "net: sctp: sctp_endpoint_free: zero out secret key data" has been added to staging queue

Submitter Herton Ronaldo Krzesinski
Date Feb. 15, 2013, 3:11 a.m.
Message ID <>
Permalink /patch/220605/
State New


Herton Ronaldo Krzesinski - Feb. 15, 2013, 3:11 a.m.
This is a note to let you know that I have just added a patch titled

    net: sctp: sctp_endpoint_free: zero out secret key data

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feel it should not be added to this tree, please
reply to this email.

For more information about the 3.5.y.z tree, see



From 030e5f0548ca11558e646dfd343d52cdd05bb2f5 Mon Sep 17 00:00:00 2001
From: Daniel Borkmann <>
Date: Fri, 8 Feb 2013 03:04:35 +0000
Subject: [PATCH] net: sctp: sctp_endpoint_free: zero out secret key data

commit b5c37fe6e24eec194bb29d22fdd55d73bcc709bf upstream.

On sctp_endpoint_destroy, previously used sensitive keying material
should be zeroed out before the memory is returned, as we already do
with e.g. auth keys when released.

Signed-off-by: Daniel Borkmann <>
Acked-by: Vlad Yasevich <>
Signed-off-by: David S. Miller <>
Signed-off-by: Herton Ronaldo Krzesinski <>
 net/sctp/endpointola.c |    5 +++++
 1 file changed, 5 insertions(+)



diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c
index 68a385d..58cd035 100644
--- a/net/sctp/endpointola.c
+++ b/net/sctp/endpointola.c
@@ -248,6 +248,8 @@  void sctp_endpoint_free(struct sctp_endpoint *ep)
 /* Final destructor for endpoint.  */
 static void sctp_endpoint_destroy(struct sctp_endpoint *ep)
+	int i;
 	SCTP_ASSERT(ep->base.dead, "Endpoint is not dead", return);

 	/* Free up the HMAC transform. */
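Review bot: the new `int i` at the top of `sctp_endpoint_destroy()` exists only to drive the per-slot zeroing loop added later in this function; if that loop is collapsed into a single `memset()` over the whole `secret_key` array (see the note on the next hunk), this declaration can go as well, keeping the destructor's prologue unchanged.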
@@ -270,6 +272,9 @@  static void sctp_endpoint_destroy(struct sctp_endpoint *ep)

+	for (i = 0; i < SCTP_HOW_MANY_SECRETS; ++i)
+		memset(&ep->secret_key[i], 0, SCTP_SECRET_SIZE);
 	/* Remove and free the port */
 	if (sctp_sk(ep->>bind_hash)
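Review bot: the loop zeroes each slot with the separate constant `SCTP_SECRET_SIZE` rather than the size of the object being cleared; if `secret_key` is a contiguous two-dimensional array, `memset(ep->secret_key, 0, sizeof(ep->secret_key));` clears all of it in one call, ties the length to the declared type so the two cannot drift apart, and removes both the loop and the index variable. Otherwise `sizeof(ep->secret_key[i])` is preferable to the bare constant for the same reason. Since this zeroing happens in the final destructor right before the endpoint memory is released, it is also worth noting that a plain `memset()` followed by free carries the intent only as long as the compiler cannot prove the store dead; the store is retained here because the release path is an opaque call, but pairing the clear with a compiler barrier (as the kernel's auth-key release path already treats its key material as sensitive) would make that guarantee explicit rather than incidental.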