Commit a4e430c8 authored by Enzo Matsumiya's avatar Enzo Matsumiya Committed by Steve French

cifs: replace kfree() with kfree_sensitive() for sensitive data

Replace kfree with kfree_sensitive, or prepend memzero_explicit() in
other cases, when freeing sensitive material that could still be left
in memory.
Signed-off-by: default avatarEnzo Matsumiya <ematsumiya@suse.de>
Reported-by: default avatarkernel test robot <oliver.sang@intel.com>
Link: https://lore.kernel.org/r/202209201529.ec633796-oliver.sang@intel.comReviewed-by: default avatarPaulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: default avatarRonnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
parent f5823f5e
...@@ -679,7 +679,7 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp) ...@@ -679,7 +679,7 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
unlock: unlock:
cifs_server_unlock(ses->server); cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret: setup_ntlmv2_rsp_ret:
kfree(tiblob); kfree_sensitive(tiblob);
return rc; return rc;
} }
...@@ -753,14 +753,14 @@ cifs_crypto_secmech_release(struct TCP_Server_Info *server) ...@@ -753,14 +753,14 @@ cifs_crypto_secmech_release(struct TCP_Server_Info *server)
server->secmech.ccmaesdecrypt = NULL; server->secmech.ccmaesdecrypt = NULL;
} }
kfree(server->secmech.sdesccmacaes); kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL; server->secmech.sdesccmacaes = NULL;
kfree(server->secmech.sdeschmacsha256); kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL; server->secmech.sdeschmacsha256 = NULL;
kfree(server->secmech.sdeschmacmd5); kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL; server->secmech.sdeschmacmd5 = NULL;
kfree(server->secmech.sdescmd5); kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL; server->secmech.sdescmd5 = NULL;
kfree(server->secmech.sdescsha512); kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL; server->secmech.sdescsha512 = NULL;
} }
...@@ -311,7 +311,7 @@ cifs_abort_connection(struct TCP_Server_Info *server) ...@@ -311,7 +311,7 @@ cifs_abort_connection(struct TCP_Server_Info *server)
} }
server->sequence_number = 0; server->sequence_number = 0;
server->session_estab = false; server->session_estab = false;
kfree(server->session_key.response); kfree_sensitive(server->session_key.response);
server->session_key.response = NULL; server->session_key.response = NULL;
server->session_key.len = 0; server->session_key.len = 0;
server->lstrp = jiffies; server->lstrp = jiffies;
...@@ -1580,7 +1580,7 @@ cifs_put_tcp_session(struct TCP_Server_Info *server, int from_reconnect) ...@@ -1580,7 +1580,7 @@ cifs_put_tcp_session(struct TCP_Server_Info *server, int from_reconnect)
cifs_crypto_secmech_release(server); cifs_crypto_secmech_release(server);
kfree(server->session_key.response); kfree_sensitive(server->session_key.response);
server->session_key.response = NULL; server->session_key.response = NULL;
server->session_key.len = 0; server->session_key.len = 0;
kfree(server->hostname); kfree(server->hostname);
...@@ -4135,7 +4135,7 @@ cifs_setup_session(const unsigned int xid, struct cifs_ses *ses, ...@@ -4135,7 +4135,7 @@ cifs_setup_session(const unsigned int xid, struct cifs_ses *ses,
if (ses->auth_key.response) { if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n", cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response); ses->auth_key.response);
kfree(ses->auth_key.response); kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL; ses->auth_key.response = NULL;
ses->auth_key.len = 0; ses->auth_key.len = 0;
} }
......
...@@ -791,6 +791,13 @@ do { \ ...@@ -791,6 +791,13 @@ do { \
cifs_sb->ctx->field = NULL; \ cifs_sb->ctx->field = NULL; \
} while (0) } while (0)
#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
do { \
kfree_sensitive(ctx->field); \
ctx->field = cifs_sb->ctx->field; \
cifs_sb->ctx->field = NULL; \
} while (0)
static int smb3_reconfigure(struct fs_context *fc) static int smb3_reconfigure(struct fs_context *fc)
{ {
struct smb3_fs_context *ctx = smb3_fc2context(fc); struct smb3_fs_context *ctx = smb3_fc2context(fc);
...@@ -811,7 +818,7 @@ static int smb3_reconfigure(struct fs_context *fc) ...@@ -811,7 +818,7 @@ static int smb3_reconfigure(struct fs_context *fc)
STEAL_STRING(cifs_sb, ctx, UNC); STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source); STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username); STEAL_STRING(cifs_sb, ctx, username);
STEAL_STRING(cifs_sb, ctx, password); STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname); STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename); STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset); STEAL_STRING(cifs_sb, ctx, iocharset);
...@@ -1162,7 +1169,7 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, ...@@ -1162,7 +1169,7 @@ static int smb3_fs_context_parse_param(struct fs_context *fc,
} }
break; break;
case Opt_pass: case Opt_pass:
kfree(ctx->password); kfree_sensitive(ctx->password);
ctx->password = NULL; ctx->password = NULL;
if (strlen(param->string) == 0) if (strlen(param->string) == 0)
break; break;
...@@ -1470,6 +1477,7 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, ...@@ -1470,6 +1477,7 @@ static int smb3_fs_context_parse_param(struct fs_context *fc,
return 0; return 0;
cifs_parse_mount_err: cifs_parse_mount_err:
kfree_sensitive(ctx->password);
return -EINVAL; return -EINVAL;
} }
......
...@@ -1119,7 +1119,7 @@ cifs_alloc_hash(const char *name, ...@@ -1119,7 +1119,7 @@ cifs_alloc_hash(const char *name,
void void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc) cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{ {
kfree(*sdesc); kfree_sensitive(*sdesc);
*sdesc = NULL; *sdesc = NULL;
if (*shash) if (*shash)
crypto_free_shash(*shash); crypto_free_shash(*shash);
......
...@@ -1213,6 +1213,12 @@ sess_alloc_buffer(struct sess_data *sess_data, int wct) ...@@ -1213,6 +1213,12 @@ sess_alloc_buffer(struct sess_data *sess_data, int wct)
static void static void
sess_free_buffer(struct sess_data *sess_data) sess_free_buffer(struct sess_data *sess_data)
{ {
int i;
/* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
for (i = 0; i < 3; i++)
if (sess_data->iov[i].iov_base)
memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base); free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER; sess_data->buf0_type = CIFS_NO_BUFFER;
...@@ -1374,7 +1380,7 @@ sess_auth_ntlmv2(struct sess_data *sess_data) ...@@ -1374,7 +1380,7 @@ sess_auth_ntlmv2(struct sess_data *sess_data)
sess_data->result = rc; sess_data->result = rc;
sess_data->func = NULL; sess_data->func = NULL;
sess_free_buffer(sess_data); sess_free_buffer(sess_data);
kfree(ses->auth_key.response); kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL; ses->auth_key.response = NULL;
} }
...@@ -1513,7 +1519,7 @@ sess_auth_kerberos(struct sess_data *sess_data) ...@@ -1513,7 +1519,7 @@ sess_auth_kerberos(struct sess_data *sess_data)
sess_data->result = rc; sess_data->result = rc;
sess_data->func = NULL; sess_data->func = NULL;
sess_free_buffer(sess_data); sess_free_buffer(sess_data);
kfree(ses->auth_key.response); kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL; ses->auth_key.response = NULL;
} }
...@@ -1648,7 +1654,7 @@ sess_auth_rawntlmssp_negotiate(struct sess_data *sess_data) ...@@ -1648,7 +1654,7 @@ sess_auth_rawntlmssp_negotiate(struct sess_data *sess_data)
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses); rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob: out_free_ntlmsspblob:
kfree(ntlmsspblob); kfree_sensitive(ntlmsspblob);
out: out:
sess_free_buffer(sess_data); sess_free_buffer(sess_data);
...@@ -1658,9 +1664,9 @@ sess_auth_rawntlmssp_negotiate(struct sess_data *sess_data) ...@@ -1658,9 +1664,9 @@ sess_auth_rawntlmssp_negotiate(struct sess_data *sess_data)
} }
/* Else error. Cleanup */ /* Else error. Cleanup */
kfree(ses->auth_key.response); kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL; ses->auth_key.response = NULL;
kfree(ses->ntlmssp); kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL; ses->ntlmssp = NULL;
sess_data->func = NULL; sess_data->func = NULL;
...@@ -1759,7 +1765,7 @@ sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data) ...@@ -1759,7 +1765,7 @@ sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data)
} }
out_free_ntlmsspblob: out_free_ntlmsspblob:
kfree(ntlmsspblob); kfree_sensitive(ntlmsspblob);
out: out:
sess_free_buffer(sess_data); sess_free_buffer(sess_data);
...@@ -1767,9 +1773,9 @@ sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data) ...@@ -1767,9 +1773,9 @@ sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data)
rc = sess_establish_session(sess_data); rc = sess_establish_session(sess_data);
/* Cleanup */ /* Cleanup */
kfree(ses->auth_key.response); kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL; ses->auth_key.response = NULL;
kfree(ses->ntlmssp); kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL; ses->ntlmssp = NULL;
sess_data->func = NULL; sess_data->func = NULL;
...@@ -1845,7 +1851,7 @@ int CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses, ...@@ -1845,7 +1851,7 @@ int CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses,
rc = sess_data->result; rc = sess_data->result;
out: out:
kfree(sess_data); kfree_sensitive(sess_data);
return rc; return rc;
} }
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */ #endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
...@@ -4423,11 +4423,11 @@ crypt_message(struct TCP_Server_Info *server, int num_rqst, ...@@ -4423,11 +4423,11 @@ crypt_message(struct TCP_Server_Info *server, int num_rqst,
if (!rc && enc) if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE); memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
kfree(iv); kfree_sensitive(iv);
free_sg: free_sg:
kfree(sg); kfree_sensitive(sg);
free_req: free_req:
kfree(req); kfree_sensitive(req);
return rc; return rc;
} }
......
...@@ -1345,6 +1345,13 @@ SMB2_sess_alloc_buffer(struct SMB2_sess_data *sess_data) ...@@ -1345,6 +1345,13 @@ SMB2_sess_alloc_buffer(struct SMB2_sess_data *sess_data)
static void static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data) SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{ {
int i;
/* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
for (i = 0; i < 2; i++)
if (sess_data->iov[i].iov_base)
memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base); free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER; sess_data->buf0_type = CIFS_NO_BUFFER;
} }
...@@ -1477,6 +1484,8 @@ SMB2_auth_kerberos(struct SMB2_sess_data *sess_data) ...@@ -1477,6 +1484,8 @@ SMB2_auth_kerberos(struct SMB2_sess_data *sess_data)
out_put_spnego_key: out_put_spnego_key:
key_invalidate(spnego_key); key_invalidate(spnego_key);
key_put(spnego_key); key_put(spnego_key);
if (rc)
kfree_sensitive(ses->auth_key.response);
out: out:
sess_data->result = rc; sess_data->result = rc;
sess_data->func = NULL; sess_data->func = NULL;
...@@ -1573,7 +1582,7 @@ SMB2_sess_auth_rawntlmssp_negotiate(struct SMB2_sess_data *sess_data) ...@@ -1573,7 +1582,7 @@ SMB2_sess_auth_rawntlmssp_negotiate(struct SMB2_sess_data *sess_data)
} }
out: out:
kfree(ntlmssp_blob); memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data); SMB2_sess_free_buffer(sess_data);
if (!rc) { if (!rc) {
sess_data->result = 0; sess_data->result = 0;
...@@ -1581,7 +1590,7 @@ SMB2_sess_auth_rawntlmssp_negotiate(struct SMB2_sess_data *sess_data) ...@@ -1581,7 +1590,7 @@ SMB2_sess_auth_rawntlmssp_negotiate(struct SMB2_sess_data *sess_data)
return; return;
} }
out_err: out_err:
kfree(ses->ntlmssp); kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL; ses->ntlmssp = NULL;
sess_data->result = rc; sess_data->result = rc;
sess_data->func = NULL; sess_data->func = NULL;
...@@ -1657,9 +1666,9 @@ SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data) ...@@ -1657,9 +1666,9 @@ SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data)
} }
#endif #endif
out: out:
kfree(ntlmssp_blob); memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data); SMB2_sess_free_buffer(sess_data);
kfree(ses->ntlmssp); kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL; ses->ntlmssp = NULL;
sess_data->result = rc; sess_data->result = rc;
sess_data->func = NULL; sess_data->func = NULL;
...@@ -1737,7 +1746,7 @@ SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses, ...@@ -1737,7 +1746,7 @@ SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n"); cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result; rc = sess_data->result;
out: out:
kfree(sess_data); kfree_sensitive(sess_data);
return rc; return rc;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment