lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 12 Jan 2015 18:12:57 -0600 From: Steve French <smfrench@...il.com> To: Herbert Xu <herbert@...dor.apana.org.au> Cc: Giel van Schijndel <me@...tis.eu>, LKML <linux-kernel@...r.kernel.org>, Steve French <sfrench@...ba.org>, "open list:COMMON INTERNET F..." <linux-cifs@...r.kernel.org>, "moderated list:COMMON INTERNET F..." <samba-technical@...ts.samba.org> Subject: Re: [PATCH RESEND] cifs: use memzero_explicit to clear stack buffer merged into cifs-2.6.git for-next On Tue, Jan 6, 2015 at 4:59 PM, Herbert Xu <herbert@...dor.apana.org.au> wrote: > On Tue, Jan 06, 2015 at 10:37:00PM +0100, Giel van Schijndel wrote: >> When leaving a function use memzero_explicit instead of memset(0) to >> clear stack allocated buffers. memset(0) may be optimized away. >> >> This particular buffer is highly likely to contain sensitive data which >> we shouldn't leak (it's named 'passwd' after all). >> >> Signed-off-by: Giel van Schijndel <me@...tis.eu> >> Reported-at: http://www.viva64.com/en/b/0299/ >> Reported-by: Andrey Karpov >> Reported-by: Svyatoslav Razmyslov > > Acked-by: Herbert Xu <herbert@...dor.apana.org.au> > > Thanks, > -- > Email: Herbert Xu <herbert@...dor.apana.org.au> > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- Thanks, Steve -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists