From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Wed, 9 Feb 2022 18:42:13 +0100
Subject: random: zero buffer after reading entropy from userspace
Patch-mainline: v5.18-rc1
Git-commit: 7b5164fb1279bf0251371848e40bae646b59b3a8
References: bsc#1204911

This buffer may contain entropic data that shouldn't stick around longer
than needed, so zero out the temporary buffer at the end of write_pool().

Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net>
Reviewed-by: Jann Horn <jannh@google.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
[nstange@suse.de: adapted diff context for backport]
Acked-by: Nicolai Stange <nstange@suse.de>
---
 drivers/char/random.c |   11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1892,6 +1892,7 @@ static int
 write_pool(struct entropy_store *r, const char __user *buffer, size_t count)
 {
 	size_t bytes;
+	int ret = 0;
 	__u32 t, buf[16];
 	const char __user *p = buffer;
 
@@ -1899,8 +1900,10 @@ write_pool(struct entropy_store *r, cons
 		int b, i = 0;
 
 		bytes = min(count, sizeof(buf));
-		if (copy_from_user(&buf, p, bytes))
-			return -EFAULT;
+		if (copy_from_user(&buf, p, bytes)) {
+			ret = -EFAULT;
+			goto out;
+		}
 
 		for (b = bytes ; b > 0 ; b -= sizeof(__u32), i++) {
 			if (!arch_get_random_int(&t))
@@ -1915,7 +1918,9 @@ write_pool(struct entropy_store *r, cons
 		cond_resched();
 	}
 
-	return 0;
+out:
+	memzero_explicit(buf, sizeof(buf));
+	return ret;
 }
 
 static ssize_t random_write(struct file *file, const char __user *buffer,
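Review bot: The wipe at `out:` covers `buf` but leaves `t`, which is declared on the same line and filled by `arch_get_random_int(&t)` in the copy loop. The loop body is outside the hunks shown, but if that word is folded into the data fed to the pool, it is the same kind of leftover the commit message wants gone, and `memzero_explicit(&t, sizeof(t));` after the existing call would clear it. A one-line comment at the label would also record why the error path now jumps here instead of returning: `/* copy_from_user() can fill buf partially before faulting; wipe on every exit, with memzero_explicit so the store is not optimised away */`.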