dm crypt: wipe keys string immediately after key is set

Always wipe the original copy of the key after processing it
in crypt_set_key().

Signed-off-by: Milan Broz <mbroz@redhat.com>
Acked-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>

diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 4e054bd..7dcae0d 100644 (file)
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -1331,20 +1331,29 @@ static int crypt_setkey_allcpus(struct crypt_config *cc)
 
 static int crypt_set_key(struct crypt_config *cc, char *key)
 {
+       int r = -EINVAL;
+       int key_string_len = strlen(key);
+
        /* The key size may not be changed. */
-       if (cc->key_size != (strlen(key) >> 1))
-               return -EINVAL;
+       if (cc->key_size != (key_string_len >> 1))
+               goto out;
 
        /* Hyphen (which gives a key_size of zero) means there is no key. */
        if (!cc->key_size && strcmp(key, "-"))
-               return -EINVAL;
+               goto out;
 
        if (cc->key_size && crypt_decode_key(cc->key, key, cc->key_size) < 0)
-               return -EINVAL;
+               goto out;
 
        set_bit(DM_CRYPT_KEY_VALID, &cc->flags);
 
-       return crypt_setkey_allcpus(cc);
+       r = crypt_setkey_allcpus(cc);
+
+out:
+       /* Hex key string not needed after here, so wipe it. */
+       memset(key, '0', key_string_len);
+
+       return r;
 }
 
 static int crypt_wipe_key(struct crypt_config *cc)