github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-04 04:23:35 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
e7a37c9e42
linux/net/xfrm
History
Zilin Guan e7a37c9e42 xfrm: use kfree_sensitive() for SA secret zeroization 
High-level copy_to_user_* APIs already redact SA secret fields when
redaction is enabled, but the state teardown path still freed aead,
aalg and ealg structs with plain kfree(), which does not clear memory
before deallocation. This can leave SA keys and other confidential
data in memory, risking exposure via post-free vulnerabilities.

Since this path is outside the packet fast path, the cost of zeroization
is acceptable and prevents any residual key material. This patch
replaces those kfree() calls unconditionally with kfree_sensitive(),
which zeroizes the entire buffer before freeing.

Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2025-05-20 07:55:00 +02:00
..
espintcp.c net: move netdev_max_backlog to net_hotdata 2024-03-07 21:12:42 -08:00
Kconfig xfrm: config: add CONFIG_XFRM_IPTFS 2024-12-05 10:00:53 +01:00
Makefile xfrm: iptfs: add new iptfs xfrm mode impl 2024-12-05 10:01:35 +01:00
trace_iptfs.h xfrm: iptfs: add tracepoint functionality 2024-12-05 10:02:36 +01:00
xfrm_algo.c xfrm: ipcomp: Use crypto_acomp interface 2025-03-21 17:36:49 +08:00
xfrm_compat.c xfrm: netlink: add config (netlink) options 2024-12-05 10:01:15 +01:00
xfrm_device.c xfrm: prevent configuration of interface index when offload is used 2025-05-15 09:56:20 +02:00
xfrm_hash.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
xfrm_hash.h xfrm: add state hashtable keyed by seq 2021-05-14 13:52:01 +02:00
xfrm_inout.h xfrm: move xfrm4_extract_header to common helper 2020-05-06 09:40:08 +02:00
xfrm_input.c net: remove init_dummy_netdev() 2025-01-13 19:06:51 -08:00
xfrm_interface_bpf.c bpf: treewide: Annotate BPF kfuncs in BTF 2024-01-31 20:40:56 -08:00
xfrm_interface_core.c net: xfrm: Use link netns in newlink() of rtnl_link_ops 2025-02-21 15:28:03 -08:00
xfrm_ipcomp.c xfrm: ipcomp: Use crypto_acomp interface 2025-03-21 17:36:49 +08:00
xfrm_iptfs.c xfrm: Switch to use hrtimer_setup() 2025-02-18 10:35:47 +01:00
xfrm_nat_keepalive.c xfrm: support sending NAT keepalives in ESP in UDP states 2024-06-26 13:22:42 +02:00
xfrm_output.c ipsec-next-2025-03-24 2025-03-25 08:50:10 -07:00
xfrm_policy.c xfrm: Migrate offload configuration 2025-04-17 11:00:03 +02:00
xfrm_proc.c xfrm: add generic iptfs defines and functionality 2024-12-05 10:01:28 +01:00
xfrm_replay.c ipsec-2025-01-27 2025-01-27 15:15:12 -08:00
xfrm_state_bpf.c bpf: treewide: Annotate BPF kfuncs in BTF 2024-01-31 20:40:56 -08:00
xfrm_state.c xfrm: use kfree_sensitive() for SA secret zeroization 2025-05-20 07:55:00 +02:00
xfrm_sysctl.c net: Remove ctl_table sentinel elements from several networking subsystems 2024-05-03 13:29:42 +01:00
xfrm_user.c xfrm: validate assignment of maximal possible SEQ number 2025-05-15 09:56:19 +02:00