From: Luca Boccassi
Date: Mon, 23 Mar 2026 21:13:03 +0000 (+0000)
Subject: creds: use CLEANUP_ERASE for symmetric key
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3af158759fedea440ce06d7b139dc0dcd28bab06;p=thirdparty%2Fsystemd.git
creds: use CLEANUP_ERASE for symmetric key
Just in case, ensure the sha256 that is used as a symmetric key for encrypted creds is safely erased from memory.
Reported on yeswehack.com as YWH-PGM9780-166
Follow-up for 21bc0b6fa1de44b520353b935bf14160f9f70591
---
diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c
index 54ae368fdfb..9c093181c7b 100644
--- a/src/shared/creds-util.c
+++ b/src/shared/creds-util.c
@@ -840,6 +840,8 @@ int encrypt_credential_and_warn(
 /* Only one of these two flags may be set at the same time */
 assert(!FLAGS_SET(flags, CREDENTIAL_ALLOW_NULL) || !FLAGS_SET(flags, CREDENTIAL_REFUSE_NULL));
+ CLEANUP_ERASE(md);
+
 if (!CRED_KEY_IS_VALID(with_key) && !CRED_KEY_IS_AUTO(with_key))
 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid key type: " SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(with_key));
@@ -1204,6 +1206,8 @@ int decrypt_credential_and_warn(
 /* Only one of these two flags may be set at the same time */
 assert(!FLAGS_SET(flags, CREDENTIAL_ALLOW_NULL) || !FLAGS_SET(flags, CREDENTIAL_REFUSE_NULL));
+ CLEANUP_ERASE(md);
+
 /* Relevant error codes:
 *
 * -EBADMSG → Corrupted file
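Review bot: The added `CLEANUP_ERASE(md);` in encrypt_credential_and_warn(), and the identical line in the decrypt_credential_and_warn() hunk, carries no comment saying what `md` holds, and neither hunk shows its declaration, so a reader cannot confirm from here that the wipe covers the whole key. CLEANUP_ERASE sizes the erase from `sizeof(var)`, so it is only complete if `md` is a fixed-size array rather than a pointer; that should be checked against the declaration, which lies outside both hunks. I would add a line such as `/* md is the SHA256 digest used as the symmetric key; wipe it on every return path */` above each call. The erase also covers `md` alone, so the buffers hashed into it and any cipher context the key is loaded into, presumably further down in both functions, need their own erase-on-free handling.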