From owner-svn-src-head@FreeBSD.ORG Sat Nov 2 01:16:10 2013 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id B7B79C69; Sat, 2 Nov 2013 01:16:10 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 8B1032676; Sat, 2 Nov 2013 01:16:10 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id rA21GArx041002; Sat, 2 Nov 2013 01:16:10 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id rA21GALI041001; Sat, 2 Nov 2013 01:16:10 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201311020116.rA21GALI041001@svn.freebsd.org> From: Xin LI Date: Sat, 2 Nov 2013 01:16:10 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r257539 - head/sys/geom/eli X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Nov 2013 01:16:10 -0000 Author: delphij Date: Sat Nov 2 01:16:10 2013 New Revision: 257539 URL: http://svnweb.freebsd.org/changeset/base/257539 Log: When zero'ing out a buffer, make sure we are using right size. Without this change, in the worst but unlikely case scenario, certain administrative operations, including change of configuration, set or delete key from a GEOM ELI provider, may leave potentially sensitive information in buffer allocated from kernel memory. We believe that it is not possible to actively exploit these issues, nor does it impact the security of normal usage of GEOM ELI providers when these operations are not performed after system boot. Security: possible sensitive information disclosure Submitted by: Clement Lecigne MFC after: 3 days Modified: head/sys/geom/eli/g_eli_ctl.c Modified: head/sys/geom/eli/g_eli_ctl.c ============================================================================== --- head/sys/geom/eli/g_eli_ctl.c Sat Nov 2 01:03:14 2013 (r257538) +++ head/sys/geom/eli/g_eli_ctl.c Sat Nov 2 01:16:10 2013 (r257539) @@ -471,7 +471,7 @@ g_eli_ctl_configure(struct gctl_req *req prov, error); } bzero(&md, sizeof(md)); - bzero(sector, sizeof(sector)); + bzero(sector, pp->sectorsize); free(sector, M_ELI); } } @@ -562,7 +562,7 @@ g_eli_ctl_setkey(struct gctl_req *req, s /* Encrypt Master Key with the new key. */ error = g_eli_mkey_encrypt(md.md_ealgo, key, md.md_keylen, mkeydst); - bzero(key, sizeof(key)); + bzero(key, keysize); if (error != 0) { bzero(&md, sizeof(md)); gctl_error(req, "Cannot encrypt Master Key (error=%d).", error); @@ -575,7 +575,7 @@ g_eli_ctl_setkey(struct gctl_req *req, s bzero(&md, sizeof(md)); error = g_write_data(cp, pp->mediasize - pp->sectorsize, sector, pp->sectorsize); - bzero(sector, sizeof(sector)); + bzero(sector, pp->sectorsize); free(sector, M_ELI); if (error != 0) { gctl_error(req, "Cannot store metadata on %s (error=%d).", @@ -691,7 +691,7 @@ g_eli_ctl_delkey(struct gctl_req *req, s (void)g_io_flush(cp); } bzero(&md, sizeof(md)); - bzero(sector, sizeof(sector)); + bzero(sector, pp->sectorsize); free(sector, M_ELI); if (*all) G_ELI_DEBUG(1, "All keys removed from %s.", pp->name);