From 1a41e327bef444861324c2df86bd21f15aaf95c4 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Thu, 27 Aug 2020 09:36:16 +0200
Subject: compat: backport kfree_sensitive and switch to it

Signed-off-by: Jason A. Donenfeld
---
 src/compat/compat.h | 4 ++++
 src/noise.c | 4 ++--
 src/peer.c | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/compat/compat.h b/src/compat/compat.h
index 99eeaef..4dff967 100644
--- a/src/compat/compat.h
+++ b/src/compat/compat.h
@@ -1067,6 +1067,10 @@ static const struct header_ops ip_tunnel_header_ops = { .parse_protocol = ip_tun
 #endif
 #endif
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 9, 0)
+#define kfree_sensitive(a) kzfree(a)
+#endif
+
 #if defined(ISUBUNTU1604) || defined(ISRHEL7)
 #include
 #ifndef _WG_LINUX_SIPHASH_H
diff --git a/src/noise.c b/src/noise.c
index 5fbe063..5cc0806 100644
--- a/src/noise.c
+++ b/src/noise.c
@@ -114,7 +114,7 @@ static struct noise_keypair *keypair_create(struct wg_peer *peer)
 static void keypair_free_rcu(struct rcu_head *rcu)
 {
- kzfree(container_of(rcu, struct noise_keypair, rcu));
+ kfree_sensitive(container_of(rcu, struct noise_keypair, rcu));
 }
 static void keypair_free_kref(struct kref *kref)
@@ -823,7 +823,7 @@ bool wg_noise_handshake_begin_session(struct noise_handshake *handshake,
 handshake->entry.peer->device->index_hashtable,
 &handshake->entry, &new_keypair->entry);
 } else {
- kzfree(new_keypair);
+ kfree_sensitive(new_keypair);
 }
 rcu_read_unlock_bh();
diff --git a/src/peer.c b/src/peer.c
index 1d634bd..b3b6370 100644
--- a/src/peer.c
+++ b/src/peer.c
@@ -203,7 +203,7 @@ static void rcu_release(struct rcu_head *rcu)
 /* The final zeroing takes care of clearing any remaining handshake key
 * material and other potentially sensitive information.
 */
- kzfree(peer);
+ kfree_sensitive(peer);
 }
 static void kref_release(struct kref *refcount)
-- 
cgit v1.2.3
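Review bot: The fallback `#define kfree_sensitive(a) kzfree(a)` in compat.h carries no comment saying what zeroing guarantee callers get on pre-5.9 kernels, although the noise.c and peer.c call sites now depend on it to wipe keypair and handshake material. I would add above the macro something like `/* Before 5.9 only kzfree() exists; the wipe is whatever that kernel's kzfree() performs. */`, and confirm that older kzfree() implementations clear the allocation in a way the compiler cannot elide, which is not visible from this hunk. The guard also tests only `LINUX_VERSION_CODE`, so a vendor kernel that reports an older version but already provides kfree_sensitive() would presumably get the name redefined; the `ISRHEL7`/`ISUBUNTU1604` tests just below suggest such kernels are a supported target, so this is worth checking against them.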