authorJason A. Donenfeld <Jason@zx2c4.com>2020-08-27 09:36:16 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2020-08-27 09:36:16 +0200
commit1a41e327bef444861324c2df86bd21f15aaf95c4 (patch)
tree51e722eebcd505c2bfd407d7d17a4090a8386456 /src
parent90a9e82ba613d39951c8b6fb66d149a06b5b2298 (diff)
compat: backport kfree_sensitive and switch to it
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src')
-rw-r--r--src/compat/compat.h4
-rw-r--r--src/noise.c4
-rw-r--r--src/peer.c2
3 files changed, 7 insertions, 3 deletions
diff --git a/src/compat/compat.h b/src/compat/compat.h
index 99eeaef..4dff967 100644
--- a/src/compat/compat.h
+++ b/src/compat/compat.h
@@ -1067,6 +1067,10 @@ static const struct header_ops ip_tunnel_header_ops = { .parse_protocol = ip_tun
#endif
#endif
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 9, 0)
+#define kfree_sensitive(a) kzfree(a)
+#endif
+
#if defined(ISUBUNTU1604) || defined(ISRHEL7)
#include <linux/siphash.h>
#ifndef _WG_LINUX_SIPHASH_H
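Review bot: The `kfree_sensitive` alias added in compat.h is gated on `LINUX_VERSION_CODE` alone, so a distribution kernel below 5.9 that has backported the real `kfree_sensitive()` would still get the macro, which only keeps working while that kernel also still provides `kzfree()`. The context lines of this same hunk already special-case distro kernels (`ISUBUNTU1604`, `ISRHEL7`), so it is worth confirming whether any supported distro needs similar handling here. The macro also carries no comment; I would add `/* kzfree() was renamed to kfree_sensitive() in 5.9; callers rely on the allocation being zeroed before it is freed. */` above the `#if`. That matters because the noise.c and peer.c hunks free keypair and peer structures through this name, and on older kernels the zeroing guarantee is whatever that kernel's `kzfree()` provides.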
diff --git a/src/noise.c b/src/noise.c
index 5fbe063..5cc0806 100644
--- a/src/noise.c
+++ b/src/noise.c
@@ -114,7 +114,7 @@ static struct noise_keypair *keypair_create(struct wg_peer *peer)
static void keypair_free_rcu(struct rcu_head *rcu)
{
- kzfree(container_of(rcu, struct noise_keypair, rcu));
+ kfree_sensitive(container_of(rcu, struct noise_keypair, rcu));
}
static void keypair_free_kref(struct kref *kref)
@@ -823,7 +823,7 @@ bool wg_noise_handshake_begin_session(struct noise_handshake *handshake,
handshake->entry.peer->device->index_hashtable,
&handshake->entry, &new_keypair->entry);
} else {
- kzfree(new_keypair);
+ kfree_sensitive(new_keypair);
}
rcu_read_unlock_bh();
diff --git a/src/peer.c b/src/peer.c
index 1d634bd..b3b6370 100644
--- a/src/peer.c
+++ b/src/peer.c
@@ -203,7 +203,7 @@ static void rcu_release(struct rcu_head *rcu)
/* The final zeroing takes care of clearing any remaining handshake key
* material and other potentially sensitive information.
*/
- kzfree(peer);
+ kfree_sensitive(peer);
}
static void kref_release(struct kref *refcount)