| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230717092657.9776-1-duminjie@vivo.com>
Date: Mon, 17 Jul 2023 17:26:57 +0800
From: Minjie Du <duminjie@...o.com>
To: Lee Duncan <lduncan@...e.com>, Chris Leech <cleech@...hat.com>,
Mike Christie <michael.christie@...cle.com>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
open-iscsi@...glegroups.com (open list:ISCSI),
linux-scsi@...r.kernel.org (open list:ISCSI),
linux-kernel@...r.kernel.org (open list)
Cc: opensource.kernel@...o.com, Minjie Du <duminjie@...o.com>
Subject: [PATCH v1] scsi: iscsi: use kfree_sensitive() in iscsi_session_free()
session might contain private part of the password, so better use
kfree_sensitive() to free it.
In iscsi_session_free() use kfree_sensitive() to free session->password.
Signed-off-by: Minjie Du <duminjie@...o.com>
---
drivers/scsi/libiscsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c
index 0fda8905e..2f273229c 100644
--- a/drivers/scsi/libiscsi.c
+++ b/drivers/scsi/libiscsi.c
@@ -3132,7 +3132,7 @@ void iscsi_session_free(struct iscsi_cls_session *cls_session)
struct module *owner = cls_session->transport->owner;
iscsi_pool_free(&session->cmdpool);
- kfree(session->password);
+ kfree_sensitive(session->password);
kfree(session->password_in);
kfree(session->username);
kfree(session->username_in);
--
2.39.0
Powered by blists - more mailing lists