]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
cryptsetup-pkcs11: use erase_and_free for decrypted key cleanup.
authorOndrej Kozina <okozina@redhat.com>
Thu, 27 May 2021 06:50:01 +0000 (08:50 +0200)
committerLennart Poettering <lennart@poettering.net>
Mon, 7 Jun 2021 21:09:00 +0000 (23:09 +0200)
It's hard to hit but it could leave decrypted key in memory on error
path.

src/cryptsetup/cryptsetup-pkcs11.c

index 67adf923cc064e512ee8b7db0410ea09678ea331..e743f10151be0f46590c585097d9235f4e0bc695 100644 (file)
@@ -36,7 +36,7 @@ struct pkcs11_callback_data {
 };
 
 static void pkcs11_callback_data_release(struct pkcs11_callback_data *data) {
-        free(data->decrypted_key);
+        erase_and_free(data->decrypted_key);
 
         if (data->free_encrypted_key)
                 free(data->encrypted_key);