Commit a4e430c8 authored by Enzo Matsumiya's avatar Enzo Matsumiya Committed by Steve French
Browse files

cifs: replace kfree() with kfree_sensitive() for sensitive data 



Replace kfree with kfree_sensitive, or prepend memzero_explicit() in
other cases, when freeing sensitive material that could still be left
in memory.

Signed-off-by: default avatarEnzo Matsumiya <ematsumiya@suse.de>
Reported-by: default avatarkernel test robot <oliver.sang@intel.com>
Link: https://lore.kernel.org/r/202209201529.ec633796-oliver.sang@intel.com


Reviewed-by: default avatarPaulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: default avatarRonnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
parent f5823f5e

fs/cifs/cifsencrypt.c

+6 −6
Original line number Diff line number Diff line
@@ -679,7 +679,7 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp) 
unlock:

	cifs_server_unlock(ses->server);

setup_ntlmv2_rsp_ret:

	kfree(tiblob);

	kfree_sensitive(tiblob);



	return rc;

}
@@ -753,14 +753,14 @@ cifs_crypto_secmech_release(struct TCP_Server_Info *server) 
		server->secmech.ccmaesdecrypt = NULL;

	}



	kfree(server->secmech.sdesccmacaes);

	kfree_sensitive(server->secmech.sdesccmacaes);

	server->secmech.sdesccmacaes = NULL;

	kfree(server->secmech.sdeschmacsha256);

	kfree_sensitive(server->secmech.sdeschmacsha256);

	server->secmech.sdeschmacsha256 = NULL;

	kfree(server->secmech.sdeschmacmd5);

	kfree_sensitive(server->secmech.sdeschmacmd5);

	server->secmech.sdeschmacmd5 = NULL;

	kfree(server->secmech.sdescmd5);

	kfree_sensitive(server->secmech.sdescmd5);

	server->secmech.sdescmd5 = NULL;

	kfree(server->secmech.sdescsha512);

	kfree_sensitive(server->secmech.sdescsha512);

	server->secmech.sdescsha512 = NULL;

}

fs/cifs/connect.c

+3 −3
Original line number Diff line number Diff line
@@ -311,7 +311,7 @@ cifs_abort_connection(struct TCP_Server_Info *server) 
	}

	server->sequence_number = 0;

	server->session_estab = false;

	kfree(server->session_key.response);

	kfree_sensitive(server->session_key.response);

	server->session_key.response = NULL;

	server->session_key.len = 0;

	server->lstrp = jiffies;
@@ -1580,7 +1580,7 @@ cifs_put_tcp_session(struct TCP_Server_Info *server, int from_reconnect) 


	cifs_crypto_secmech_release(server);



	kfree(server->session_key.response);

	kfree_sensitive(server->session_key.response);

	server->session_key.response = NULL;

	server->session_key.len = 0;

	kfree(server->hostname);
@@ -4135,7 +4135,7 @@ cifs_setup_session(const unsigned int xid, struct cifs_ses *ses, 
		if (ses->auth_key.response) {

			cifs_dbg(FYI, "Free previous auth_key.response = %p\n",

				 ses->auth_key.response);

			kfree(ses->auth_key.response);

			kfree_sensitive(ses->auth_key.response);

			ses->auth_key.response = NULL;

			ses->auth_key.len = 0;

		}

fs/cifs/fs_context.c

+10 −2
Original line number Diff line number Diff line
@@ -791,6 +791,13 @@ do { \ 
	cifs_sb->ctx->field = NULL;					\

} while (0)



#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field)			\

do {									\

	kfree_sensitive(ctx->field);					\

	ctx->field = cifs_sb->ctx->field;				\

	cifs_sb->ctx->field = NULL;					\

} while (0)



static int smb3_reconfigure(struct fs_context *fc)

{

	struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -811,7 +818,7 @@ static int smb3_reconfigure(struct fs_context *fc) 
	STEAL_STRING(cifs_sb, ctx, UNC);

	STEAL_STRING(cifs_sb, ctx, source);

	STEAL_STRING(cifs_sb, ctx, username);

	STEAL_STRING(cifs_sb, ctx, password);

	STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);

	STEAL_STRING(cifs_sb, ctx, domainname);

	STEAL_STRING(cifs_sb, ctx, nodename);

	STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1162,7 +1169,7 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, 
		}

		break;

	case Opt_pass:

		kfree(ctx->password);

		kfree_sensitive(ctx->password);

		ctx->password = NULL;

		if (strlen(param->string) == 0)

			break;
@@ -1470,6 +1477,7 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, 
	return 0;



 cifs_parse_mount_err:

	kfree_sensitive(ctx->password);

	return -EINVAL;

}

fs/cifs/misc.c

+1 −1
Original line number Diff line number Diff line
@@ -1119,7 +1119,7 @@ cifs_alloc_hash(const char *name, 
void

cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)

{

	kfree(*sdesc);

	kfree_sensitive(*sdesc);

	*sdesc = NULL;

	if (*shash)

		crypto_free_shash(*shash);

fs/cifs/sess.c

+15 −9
Original line number Diff line number Diff line
@@ -1213,6 +1213,12 @@ sess_alloc_buffer(struct sess_data *sess_data, int wct) 
static void

sess_free_buffer(struct sess_data *sess_data)

{

	int i;



	/* zero the session data before freeing, as it might contain sensitive info (keys, etc) */

	for (i = 0; i < 3; i++)

		if (sess_data->iov[i].iov_base)

			memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);



	free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);

	sess_data->buf0_type = CIFS_NO_BUFFER;
@@ -1374,7 +1380,7 @@ sess_auth_ntlmv2(struct sess_data *sess_data) 
	sess_data->result = rc;

	sess_data->func = NULL;

	sess_free_buffer(sess_data);

	kfree(ses->auth_key.response);

	kfree_sensitive(ses->auth_key.response);

	ses->auth_key.response = NULL;

}
@@ -1513,7 +1519,7 @@ sess_auth_kerberos(struct sess_data *sess_data) 
	sess_data->result = rc;

	sess_data->func = NULL;

	sess_free_buffer(sess_data);

	kfree(ses->auth_key.response);

	kfree_sensitive(ses->auth_key.response);

	ses->auth_key.response = NULL;

}
@@ -1648,7 +1654,7 @@ sess_auth_rawntlmssp_negotiate(struct sess_data *sess_data) 
	rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);



out_free_ntlmsspblob:

	kfree(ntlmsspblob);

	kfree_sensitive(ntlmsspblob);

out:

	sess_free_buffer(sess_data);
@@ -1658,9 +1664,9 @@ sess_auth_rawntlmssp_negotiate(struct sess_data *sess_data) 
	}



	/* Else error. Cleanup */

	kfree(ses->auth_key.response);

	kfree_sensitive(ses->auth_key.response);

	ses->auth_key.response = NULL;

	kfree(ses->ntlmssp);

	kfree_sensitive(ses->ntlmssp);

	ses->ntlmssp = NULL;



	sess_data->func = NULL;
@@ -1759,7 +1765,7 @@ sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data) 
	}



out_free_ntlmsspblob:

	kfree(ntlmsspblob);

	kfree_sensitive(ntlmsspblob);

out:

	sess_free_buffer(sess_data);
@@ -1767,9 +1773,9 @@ sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data) 
		rc = sess_establish_session(sess_data);



	/* Cleanup */

	kfree(ses->auth_key.response);

	kfree_sensitive(ses->auth_key.response);

	ses->auth_key.response = NULL;

	kfree(ses->ntlmssp);

	kfree_sensitive(ses->ntlmssp);

	ses->ntlmssp = NULL;



	sess_data->func = NULL;
@@ -1845,7 +1851,7 @@ int CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses, 
	rc = sess_data->result;



out:

	kfree(sess_data);

	kfree_sensitive(sess_data);

	return rc;

}

#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */