[net,v2,3/3] tls: clear key material from kernel memory when do_tls_setsockopt_conf fails

Message ID a0dcabe2cef4f59ac80f42b533198741edd48c6b.1536766755.git.sd@queasysnail.net
State Accepted
Delegated to: David Miller
Headers show
Series
  • tls: don't leave keys in kernel memory
Related show

Commit Message

Sabrina Dubroca Sept. 12, 2018, 3:44 p.m.
Fixes: 3c4d7559159b ("tls: kernel TLS support")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
---
v2: use the new union tls_crypto_context

 net/tls/tls_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 737b3865be1b..523622dc74f8 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -509,7 +509,7 @@  static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval,
 	goto out;
 
 err_crypto_info:
-	memset(crypto_info, 0, sizeof(*crypto_info));
+	memzero_explicit(crypto_info, sizeof(union tls_crypto_context));
 out:
 	return rc;
 }