From: Ondrej Kozina <okozina@redhat.com>
Date: Thu, 27 May 2021 06:50:01 +0000 (+0200)
Subject: cryptsetup-pkcs11: use erase_and_free for decrypted key cleanup.
X-Git-Tag: v249-rc1~77
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1319c7e0441d3209feca300430736fef086bbe86;p=thirdparty%2Fsystemd.git

cryptsetup-pkcs11: use erase_and_free for decrypted key cleanup.

It's hard to hit but it could leave decrypted key in memory on error
path.
---

diff --git a/src/cryptsetup/cryptsetup-pkcs11.c b/src/cryptsetup/cryptsetup-pkcs11.c
index 67adf923cc0..e743f10151b 100644
--- a/src/cryptsetup/cryptsetup-pkcs11.c
+++ b/src/cryptsetup/cryptsetup-pkcs11.c
@@ -36,7 +36,7 @@ struct pkcs11_callback_data {
 };
 
 static void pkcs11_callback_data_release(struct pkcs11_callback_data *data) {
-        free(data->decrypted_key);
+        erase_and_free(data->decrypted_key);
 
         if (data->free_encrypted_key)
                 free(data->encrypted_key);