| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZLghwZh2jVnLpzim@rhel-developer-toolbox-latest>
Date: Wed, 19 Jul 2023 10:47:45 -0700
From: Chris Leech <cleech@...hat.com>
To: 杜敏杰 <duminjie@...o.com>
Cc: Lee Duncan <lduncan@...e.com>,
Mike Christie <michael.christie@...cle.com>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
"open list:ISCSI" <open-iscsi@...glegroups.com>,
"open list:ISCSI" <linux-scsi@...r.kernel.org>,
open list <linux-kernel@...r.kernel.org>,
"opensource.kernel" <opensource.kernel@...o.com>
Subject: Re: [PATCH v2] scsi: iscsi: kfree_sensitive() in iscsi_session_free()
On Wed, Jul 19, 2023 at 07:45:48AM +0000, 杜敏杰 wrote:
> session might contain private part of the password, so better use
> kfree_sensitive() to free it.
> In iscsi_session_free() use kfree_sensitive() to free session->password,
> session->password_in, session->username, session->username_in.
>
> Signed-off-by: Minjie Du <duminjie@...o.com>
This looks good, thank you for the follow up to Mike's review.
Reviewed-by: Chris Leech <cleech@...hat.com>
> ---
> drivers/scsi/libiscsi.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c
> index 0fda8905e..a307da898 100644
> --- a/drivers/scsi/libiscsi.c
> +++ b/drivers/scsi/libiscsi.c
> @@ -3132,10 +3132,10 @@ void iscsi_session_free(struct iscsi_cls_session *cls_session)
> struct module *owner = cls_session->transport->owner;
>
> iscsi_pool_free(&session->cmdpool);
> - kfree(session->password);
> - kfree(session->password_in);
> - kfree(session->username);
> - kfree(session->username_in);
> + kfree_sensitive(session->password);
> + kfree_sensitive(session->password_in);
> + kfree_sensitive(session->username);
> + kfree_sensitive(session->username_in);
> kfree(session->targetname);
> kfree(session->targetalias);
> kfree(session->initiatorname);
> --
> 2.39.0
>
Powered by blists - more mailing lists