[patch] crypto: keywrap - memzero the correct memory

From: Dan Carpenter
Date: Sat Jan 30 2016 - 09:40:51 EST

Next message: Dan Carpenter: "[patch] staging: rtl8712: memory corruption in wpa_set_encryption()"
Previous message: Dan Carpenter: "[patch] bfa: use strncpy() instead of memcpy()"
Next in thread: Stephan Mueller: "Re: [patch] crypto: keywrap - memzero the correct memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

We're clearing the wrong memory. The memory corruption is likely
harmless because we weren't going to use that stack memory again but not
zeroing is a potential information leak.

Fixes: e28facde3c39 ('crypto: keywrap - add key wrapping block chaining mode')
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

diff --git a/crypto/keywrap.c b/crypto/keywrap.c
index b1d106c..72014f9 100644
--- a/crypto/keywrap.c
+++ b/crypto/keywrap.c
@@ -212,7 +212,7 @@ static int crypto_kw_decrypt(struct blkcipher_desc *desc,
SEMIBSIZE))
ret = -EBADMSG;

- memzero_explicit(&block, sizeof(struct crypto_kw_block));
+ memzero_explicit(block, sizeof(struct crypto_kw_block));

return ret;
}
@@ -297,7 +297,7 @@ static int crypto_kw_encrypt(struct blkcipher_desc *desc,
/* establish the IV for the caller to pick up */
memcpy(desc->info, block->A, SEMIBSIZE);

- memzero_explicit(&block, sizeof(struct crypto_kw_block));
+ memzero_explicit(block, sizeof(struct crypto_kw_block));

return 0;
}

Next message: Dan Carpenter: "[patch] staging: rtl8712: memory corruption in wpa_set_encryption()"
Previous message: Dan Carpenter: "[patch] bfa: use strncpy() instead of memcpy()"
Next in thread: Stephan Mueller: "Re: [patch] crypto: keywrap - memzero the correct memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]