From: Daniel Borkmann <dborkman@redhat.com>
To: Vlad Yasevich <vyasevich@gmail.com>
Cc: davem@davemloft.net, linux-sctp@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH net 2/2] net: sctp: sctp_endpoint_free: zero out secret key data
Date: Fri, 08 Feb 2013 17:02:25 +0100 [thread overview]
Message-ID: <51152191.5070201@redhat.com> (raw)
In-Reply-To: <51151EAA.2090302@gmail.com>
On 02/08/2013 04:50 PM, Vlad Yasevich wrote:
> On 02/08/2013 08:04 AM, Daniel Borkmann wrote:
>> On sctp_endpoint_destroy, previously used sensitive keying material
>> should be zeroed out before the memory is returned, as we already do
>> with e.g. auth keys when released.
>>
>> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
>
> I'll ack this, but the whole multiple cookie keys code is completely unused and has been all this time. Noone uses anything other then the secret_key[0] since there is no changeover support anywhere. It might be nice to clean that up too.
Put on my todo list for follow-up patches, thanks.
> Acked-by: Vlad Yasevich <vyasevic@redhat.com>
>
> -vlad
>
>> ---
>> net/sctp/endpointola.c | 5 +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c
>> index 17a001b..1a9c5fb 100644
>> --- a/net/sctp/endpointola.c
>> +++ b/net/sctp/endpointola.c
>> @@ -249,6 +249,8 @@ void sctp_endpoint_free(struct sctp_endpoint *ep)
>> /* Final destructor for endpoint. */
>> static void sctp_endpoint_destroy(struct sctp_endpoint *ep)
>> {
>> + int i;
>> +
>> SCTP_ASSERT(ep->base.dead, "Endpoint is not dead", return);
>>
>> /* Free up the HMAC transform. */
>> @@ -271,6 +273,9 @@ static void sctp_endpoint_destroy(struct sctp_endpoint *ep)
>> sctp_inq_free(&ep->base.inqueue);
>> sctp_bind_addr_free(&ep->base.bind_addr);
>>
>> + for (i = 0; i < SCTP_HOW_MANY_SECRETS; ++i)
>> + memset(&ep->secret_key[i], 0, SCTP_SECRET_SIZE);
>> +
>> /* Remove and free the port */
>> if (sctp_sk(ep->base.sk)->bind_hash)
>> sctp_put_port(ep->base.sk);
>>
>
>
> c
> If
WARNING: multiple messages have this Message-ID (diff)
From: Daniel Borkmann <dborkman@redhat.com>
To: Vlad Yasevich <vyasevich@gmail.com>
Cc: davem@davemloft.net, linux-sctp@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH net 2/2] net: sctp: sctp_endpoint_free: zero out secret key data
Date: Fri, 08 Feb 2013 16:02:25 +0000 [thread overview]
Message-ID: <51152191.5070201@redhat.com> (raw)
In-Reply-To: <51151EAA.2090302@gmail.com>
On 02/08/2013 04:50 PM, Vlad Yasevich wrote:
> On 02/08/2013 08:04 AM, Daniel Borkmann wrote:
>> On sctp_endpoint_destroy, previously used sensitive keying material
>> should be zeroed out before the memory is returned, as we already do
>> with e.g. auth keys when released.
>>
>> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
>
> I'll ack this, but the whole multiple cookie keys code is completely unused and has been all this time. Noone uses anything other then the secret_key[0] since there is no changeover support anywhere. It might be nice to clean that up too.
Put on my todo list for follow-up patches, thanks.
> Acked-by: Vlad Yasevich <vyasevic@redhat.com>
>
> -vlad
>
>> ---
>> net/sctp/endpointola.c | 5 +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c
>> index 17a001b..1a9c5fb 100644
>> --- a/net/sctp/endpointola.c
>> +++ b/net/sctp/endpointola.c
>> @@ -249,6 +249,8 @@ void sctp_endpoint_free(struct sctp_endpoint *ep)
>> /* Final destructor for endpoint. */
>> static void sctp_endpoint_destroy(struct sctp_endpoint *ep)
>> {
>> + int i;
>> +
>> SCTP_ASSERT(ep->base.dead, "Endpoint is not dead", return);
>>
>> /* Free up the HMAC transform. */
>> @@ -271,6 +273,9 @@ static void sctp_endpoint_destroy(struct sctp_endpoint *ep)
>> sctp_inq_free(&ep->base.inqueue);
>> sctp_bind_addr_free(&ep->base.bind_addr);
>>
>> + for (i = 0; i < SCTP_HOW_MANY_SECRETS; ++i)
>> + memset(&ep->secret_key[i], 0, SCTP_SECRET_SIZE);
>> +
>> /* Remove and free the port */
>> if (sctp_sk(ep->base.sk)->bind_hash)
>> sctp_put_port(ep->base.sk);
>>
>
>
> c
> If
next prev parent reply other threads:[~2013-02-08 16:02 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-08 13:04 [PATCH net 0/2] two small fixes for sctp key usage Daniel Borkmann
2013-02-08 13:04 ` Daniel Borkmann
2013-02-08 13:04 ` [PATCH net 1/2] net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree Daniel Borkmann
2013-02-08 13:04 ` Daniel Borkmann
2013-02-08 13:04 ` [PATCH net 2/2] net: sctp: sctp_endpoint_free: zero out secret key data Daniel Borkmann
2013-02-08 13:04 ` Daniel Borkmann
2013-02-08 15:50 ` Vlad Yasevich
2013-02-08 15:50 ` Vlad Yasevich
2013-02-08 16:02 ` Daniel Borkmann [this message]
2013-02-08 16:02 ` Daniel Borkmann
2013-02-08 19:55 ` [PATCH net 0/2] two small fixes for sctp key usage David Miller
2013-02-08 19:55 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51152191.5070201@redhat.com \
--to=dborkman@redhat.com \
--cc=davem@davemloft.net \
--cc=linux-sctp@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=vyasevich@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.