SUNRPC: Obscure Kerberos session key

ctx->Ksess is never used after import has completed. Obscure it immediately so it cannot be re-used or copied. Tested-by: Scott Mayhew <smayhew@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
author: Chuck Lever <chuck.lever@oracle.com> 2023-01-15 20:20:48 +0300
committer: Chuck Lever <chuck.lever@oracle.com> 2023-02-20 17:20:34 +0300
commit: 01c4e326327a635e1fac75b1aedd2c2c1e8123b5 (patch)
tree: 122a52c53273eba2c2d5e4e954c0e1988c6ab493 /net
parent: 7f675ca7757bfeb70e19d187dc3be44deb836da8 (diff)
download: linux-01c4e326327a635e1fac75b1aedd2c2c1e8123b5.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 76a0d83fe500..b982c9d495f2 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -550,6 +550,7 @@ gss_import_sec_context_kerberos(const void *p, size_t len,
 		ret = gss_import_v1_context(p, end, ctx);
 	else
 		ret = gss_import_v2_context(p, end, ctx, gfp_mask);
+	memzero_explicit(&ctx->Ksess, sizeof(ctx->Ksess));
 	if (ret) {
 		kfree(ctx);
 		return ret;
author	Chuck Lever <chuck.lever@oracle.com>	2023-01-15 20:20:48 +0300
committer	Chuck Lever <chuck.lever@oracle.com>	2023-02-20 17:20:34 +0300
commit	01c4e326327a635e1fac75b1aedd2c2c1e8123b5 (patch)
tree	122a52c53273eba2c2d5e4e954c0e1988c6ab493 /net
parent	7f675ca7757bfeb70e19d187dc3be44deb836da8 (diff)
download	linux-01c4e326327a635e1fac75b1aedd2c2c1e8123b5.tar.xz