mirror of
https://github.com/systemd/systemd.git
synced 2026-06-30 19:57:29 +00:00
creds: use CLEANUP_ERASE for symmetric key
Just in case, ensure the sha256 that is used as a symmetric
key for encrypted creds is safely erased from memory.
Reported on yeswehack.com as YWH-PGM9780-166
Follow-up for 21bc0b6fa1
This commit is contained in:
committed by
Zbigniew Jędrzejewski-Szmek
parent
e7a176fe46
commit
3af158759f
@@ -840,6 +840,8 @@ int encrypt_credential_and_warn(
|
||||
/* Only one of these two flags may be set at the same time */
|
||||
assert(!FLAGS_SET(flags, CREDENTIAL_ALLOW_NULL) || !FLAGS_SET(flags, CREDENTIAL_REFUSE_NULL));
|
||||
|
||||
CLEANUP_ERASE(md);
|
||||
|
||||
if (!CRED_KEY_IS_VALID(with_key) && !CRED_KEY_IS_AUTO(with_key))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid key type: " SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(with_key));
|
||||
|
||||
@@ -1204,6 +1206,8 @@ int decrypt_credential_and_warn(
|
||||
/* Only one of these two flags may be set at the same time */
|
||||
assert(!FLAGS_SET(flags, CREDENTIAL_ALLOW_NULL) || !FLAGS_SET(flags, CREDENTIAL_REFUSE_NULL));
|
||||
|
||||
CLEANUP_ERASE(md);
|
||||
|
||||
/* Relevant error codes:
|
||||
*
|
||||
* -EBADMSG → Corrupted file
|
||||
|
||||
Reference in New Issue
Block a user