#include "string-util.h"
#include "util.h"
+static void security_association_clear(SecurityAssociation *sa) {
+ if (!sa)
+ return;
+
+ explicit_bzero_safe(sa->key, sa->key_len);
+ free(sa->key);
+}
+
static void macsec_receive_association_free(ReceiveAssociation *c) {
if (!c)
return;
ordered_hashmap_remove(c->macsec->receive_associations_by_section, c->section);
network_config_section_free(c->section);
- free(c->sa.key);
+ security_association_clear(&c->sa);
free(c);
}
ordered_hashmap_remove(a->macsec->transmit_associations_by_section, a->section);
network_config_section_free(a->section);
- free(a->sa.key);
+ security_association_clear(&a->sa);
free(a);
}
dest = a ? &a->sa : &b->sa;
- r = unhexmem(rvalue, strlen(rvalue), &p, &l);
+ r = unhexmem_full(rvalue, strlen(rvalue), true, &p, &l);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r,
"Failed to parse key. Ignoring assignment: %m");
}
if (l != 16) {
/* See DEFAULT_SAK_LEN in drivers/net/macsec.c */
+ explicit_bzero_safe(p, l);
log_syntax(unit, LOG_ERR, filename, line, 0,
"Invalid key length (%zu). Ignoring assignment", l);
return 0;