linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Daniel Borkmann <dborkman@redhat.com>,
	"David S. Miller" <davem@davemloft.net>
Subject: [ 15/22] net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree
Date: Tue, 12 Feb 2013 12:36:58 -0800	[thread overview]
Message-ID: <20130212203416.415877916@linuxfoundation.org> (raw)
In-Reply-To: <20130212203413.459836020@linuxfoundation.org>

3.0-stable review patch.  If anyone has any objections, please let me know.

------------------


From: Daniel Borkmann <dborkman@redhat.com>

[ Upstream commit 6ba542a291a5e558603ac51cda9bded347ce7627 ]

In sctp_setsockopt_auth_key, we create a temporary copy of the user
passed shared auth key for the endpoint or association and after
internal setup, we free it right away. Since it's sensitive data, we
should zero out the key before returning the memory back to the
allocator. Thus, use kzfree instead of kfree, just as we do in
sctp_auth_key_put().

Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/sctp/socket.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -3304,7 +3304,7 @@ static int sctp_setsockopt_auth_key(stru
 
 	ret = sctp_auth_set_key(sctp_sk(sk)->ep, asoc, authkey);
 out:
-	kfree(authkey);
+	kzfree(authkey);
 	return ret;
 }
 



  parent reply	other threads:[~2013-02-12 20:40 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-02-12 20:36 [ 00/22] 3.0.64-stable review Greg Kroah-Hartman
2013-02-12 20:36 ` [ 01/22] rtlwifi: Fix the usage of the wrong variable in usb.c Greg Kroah-Hartman
2013-02-12 20:36 ` [ 02/22] virtio_console: Dont access uninitialized data Greg Kroah-Hartman
2013-02-12 20:36 ` [ 03/22] kernel/resource.c: fix stack overflow in __reserve_region_with_split() Greg Kroah-Hartman
2013-02-12 20:36 ` [ 04/22] mac80211: synchronize scan off/on-channel and PS states Greg Kroah-Hartman
2013-02-12 20:36 ` [ 05/22] net: prevent setting ttl=0 via IP_TTL Greg Kroah-Hartman
2013-02-12 20:36 ` [ 06/22] MAINTAINERS: Stephen Hemminger email change Greg Kroah-Hartman
2013-02-12 20:36 ` [ 07/22] isdn/gigaset: fix zero size border case in debug dump Greg Kroah-Hartman
2013-02-12 20:36 ` [ 08/22] r8169: remove the obsolete and incorrect AMD workaround Greg Kroah-Hartman
2013-02-12 20:36 ` [ 09/22] net: loopback: fix a dst refcounting issue Greg Kroah-Hartman
2013-02-12 20:36 ` [ 10/22] pktgen: correctly handle failures when adding a device Greg Kroah-Hartman
2013-02-12 20:36 ` [ 11/22] ipv6: do not create neighbor entries for local delivery Greg Kroah-Hartman
2013-02-12 20:36 ` [ 12/22] packet: fix leakage of tx_ring memory Greg Kroah-Hartman
2013-02-12 20:36 ` [ 13/22] atm/iphase: rename fregt_t -> ffreg_t Greg Kroah-Hartman
2013-02-12 20:36 ` [ 14/22] sctp: refactor sctp_outq_teardown to insure proper re-initalization Greg Kroah-Hartman
2013-02-12 20:36 ` Greg Kroah-Hartman [this message]
2013-02-12 20:36 ` [ 16/22] net: sctp: sctp_endpoint_free: zero out secret key data Greg Kroah-Hartman
2013-02-12 20:37 ` [ 17/22] tcp: frto should not set snd_cwnd to 0 Greg Kroah-Hartman
2013-02-12 20:37 ` [ 18/22] tcp: fix for zero packets_in_flight was too broad Greg Kroah-Hartman
2013-02-12 20:37 ` [ 19/22] tcp: fix MSG_SENDPAGE_NOTLAST logic Greg Kroah-Hartman
2013-02-12 20:37 ` [ 20/22] bridge: Pull ip header into skb->data before looking into ip header Greg Kroah-Hartman
2013-02-12 20:37 ` [ 21/22] tg3: Avoid null pointer dereference in tg3_interrupt in netconsole mode Greg Kroah-Hartman
2013-02-12 20:37 ` [ 22/22] tg3: Fix crc errors on jumbo frame receive Greg Kroah-Hartman
2013-02-13  8:06 ` [ 00/22] 3.0.64-stable review Satoru Takeuchi
2013-02-13 15:51 ` Shuah Khan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130212203416.415877916@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=davem@davemloft.net \
    --cc=dborkman@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).