| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7483deb3-2b69-37fa-28ea-fb54aac58ff8@suse.com>
Date: Wed, 19 Jul 2023 07:53:06 -0700
From: Lee Duncan <lduncan@...e.com>
To: 杜敏杰 <duminjie@...o.com>,
Mike Christie <michael.christie@...cle.com>,
Chris Leech <cleech@...hat.com>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
"open list:ISCSI" <open-iscsi@...glegroups.com>,
"open list:ISCSI" <linux-scsi@...r.kernel.org>,
open list <linux-kernel@...r.kernel.org>
Cc: "opensource.kernel" <opensource.kernel@...o.com>
Subject: Re: 回复: [PATCH v1] scsi: iscsi: use kfree_sensitive() in iscsi_session_free()
On 7/18/23 19:28, 杜敏杰 wrote:
> Hi Mike!
>
> Thank you for your reply!
> Do I need to submit a new patch to kfree_sensitive for 'password_in' and 'usernames'?
>
Just submit a V2 version of your original patch, making the changes that
Mike suggested. You can continue to include my Reviewed-by tag.
>
> regards,
> Minjie
>
> -----邮件原件-----
> 发件人: Mike Christie <michael.christie@...cle.com>
> 发送时间: 2023年7月18日 2:26
> 收件人: 杜敏杰 <duminjie@...o.com>; Lee Duncan <lduncan@...e.com>; Chris Leech <cleech@...hat.com>; James E.J. Bottomley <jejb@...ux.ibm.com>; Martin K. Petersen <martin.petersen@...cle.com>; open list:ISCSI <open-iscsi@...glegroups.com>; open list:ISCSI <linux-scsi@...r.kernel.org>; open list <linux-kernel@...r.kernel.org>
> 抄送: opensource.kernel <opensource.kernel@...o.com>
> 主题: Re: [PATCH v1] scsi: iscsi: use kfree_sensitive() in iscsi_session_free()
>
> On 7/17/23 4:26 AM, Minjie Du wrote:
>> session might contain private part of the password, so better use
>> kfree_sensitive() to free it.
>> In iscsi_session_free() use kfree_sensitive() to free session->password.
>>
>> Signed-off-by: Minjie Du <duminjie@...o.com>
>> ---
>> drivers/scsi/libiscsi.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c index
>> 0fda8905e..2f273229c 100644
>> --- a/drivers/scsi/libiscsi.c
>> +++ b/drivers/scsi/libiscsi.c
>> @@ -3132,7 +3132,7 @@ void iscsi_session_free(struct iscsi_cls_session *cls_session)
>> struct module *owner = cls_session->transport->owner;
>>
>> iscsi_pool_free(&session->cmdpool);
>> - kfree(session->password);
>> + kfree_sensitive(session->password);
>> kfree(session->password_in);
>
> You then also want kfree_sensitive for password_in.
>
> I would also use it for the usernames then too.
>
>> kfree(session->username);
>> kfree(session->username_in);
>
Powered by blists - more mailing lists