| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id:
<174839524449.1849945.15708694230880656811.git-patchwork-notify@kernel.org>
Date: Wed, 28 May 2025 01:20:44 +0000
From: patchwork-bot+netdevbpf@...nel.org
To: Zilin Guan <zilin@....edu.cn>
Cc: jmaloy@...hat.com, davem@...emloft.net, edumazet@...gle.com,
kuba@...nel.org, pabeni@...hat.com, horms@...nel.org, netdev@...r.kernel.org,
tipc-discussion@...ts.sourceforge.net, linux-kernel@...r.kernel.org,
jianhao.xu@....edu.cn
Subject: Re: [PATCH] tipc: use kfree_sensitive() for aead cleanup
Hello:
This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@...nel.org>:
On Fri, 23 May 2025 11:47:17 +0000 you wrote:
> The tipc_aead_free() function currently uses kfree() to release the aead
> structure. However, this structure contains sensitive information, such
> as key's SALT value, which should be securely erased from memory to
> prevent potential leakage.
>
> To enhance security, replace kfree() with kfree_sensitive() when freeing
> the aead structure. This change ensures that sensitive data is explicitly
> cleared before memory deallocation, aligning with the approach used in
> tipc_aead_init() and adhering to best practices for handling confidential
> information.
>
> [...]
Here is the summary with links:
- tipc: use kfree_sensitive() for aead cleanup
https://git.kernel.org/netdev/net-next/c/c8ef20fe7274
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
Powered by blists - more mailing lists