From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756084AbZEaCPx (ORCPT ); Sat, 30 May 2009 22:15:53 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752909AbZEaCPp (ORCPT ); Sat, 30 May 2009 22:15:45 -0400 Received: from mx2.redhat.com ([66.187.237.31]:58252 "EHLO mx2.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752283AbZEaCPo (ORCPT ); Sat, 30 May 2009 22:15:44 -0400 Message-ID: <4A21E816.4050203@redhat.com> Date: Sat, 30 May 2009 22:14:46 -0400 From: Rik van Riel Organization: Red Hat, Inc User-Agent: Thunderbird 2.0.0.17 (X11/20080915) MIME-Version: 1.0 To: "Larry H." CC: linux-kernel@vger.kernel.org, linux-mm@kvack.org, Alan Cox , pageexec@freemail.hu, Linus Torvalds Subject: Re: [PATCH] Use kzfree in mac80211 key handling to enforce data sanitization References: <20090531015801.GB8941@oblivion.subreption.com> In-Reply-To: <20090531015801.GB8941@oblivion.subreption.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Larry H. wrote: > [PATCH] Use kzfree in mac80211 key handling to enforce data sanitization > > This patch replaces the kfree() calls within the mac80211 WEP RC4 key > handling and ieee80211 management APIs with kzfree(), to enforce > sanitization of the key buffer contents. > > This prevents the keys from persisting on memory, potentially > leaking to other kernel users after re-allocation of the memory by > the LIFO allocators, or in coldboot attack scenarios. Information can be > leaked as well due to use of uninitialized variables, or other bugs. > > This patch doesn't affect fastpaths. This seems to be essentially what Ingo proposed. Clearing out a buffer that held a wifi key on free makes sense, even for systems that are not in paranoid mode. > Signed-off-by: Larry Highsmith Acked-by: Rik van Riiel -- All rights reversed.