Commit 168ed654 authored by Tudor Ambarus's avatar Tudor Ambarus Committed by Marcel Holtmann

Bluetooth: ecdh_helper - fix leak of private key

tmp buffer contains the swapped private key. In case the setkey call
failed, the tmp buffer was freed without clearing the private key.

Zeroize the temporary buffer so we don't leak the private key.
Signed-off-by: default avatarTudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent 3814baf3
...@@ -122,7 +122,7 @@ int compute_ecdh_secret(struct crypto_kpp *tfm, const u8 public_key[64], ...@@ -122,7 +122,7 @@ int compute_ecdh_secret(struct crypto_kpp *tfm, const u8 public_key[64],
free_req: free_req:
kpp_request_free(req); kpp_request_free(req);
free_tmp: free_tmp:
kfree(tmp); kzfree(tmp);
return err; return err;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment