Re: [PATCH] credential: clear expired c->credential in addition to c->password


 



Aaron Plattner <aplattner@xxxxxxxxxx> writes:

> When a struct credential expires, credential_fill() clears c->password
> so that clients don't try to use it later. However, a struct cred that
> uses an alternate authtype won't have a password, but might have a
> credential stored in c->credential. Clear that too.

Hmph, piling another thing on top of these selected "discard/reset"
we already have should make us rethink a few things.

 - Is this the only place we discard/reset/clear?

 - Isn't there already a helper function that was DESIGNED to do
   this for us?

 - Are all these places we discard/reset/clear using that helper
   function?

For example, when we are rejecting a credential, shouldn't we be clearing
the same members of the structure as we notice that the auth material
is stale and has expired?

There is credential_clear() and credential_clear_secrets().  Would
one of these want to be reused in this (and also reject) context?
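
The point raised in the reply above, that expiry and rejection should go through one clearing helper instead of each listing members, sketched as an added example (not code from git or from this thread). `struct cred_model` and every function name here are hypothetical, and the expiry rule is an assumption of the model.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Simplified model, not git's struct credential. */
struct cred_model {
	char password[64];   /* secret for password-style auth */
	char credential[64]; /* secret for an alternate authtype */
	time_t expiry;       /* 0 = no expiry (assumption of this model) */
};

/* Starting point in the patch description: expiry drops only the password. */
void expire_password_only(struct cred_model *c, time_t now)
{
	if (c->expiry && c->expiry < now)
		memset(c->password, 0, sizeof(c->password));
}

/* One helper owns the list of secret members. */
void model_clear_secrets(struct cred_model *c)
{
	memset(c->password, 0, sizeof(c->password));
	memset(c->credential, 0, sizeof(c->credential));
}

/* Expiry and rejection both go through the helper, so they cannot diverge. */
void expire_all(struct cred_model *c, time_t now)
{
	if (c->expiry && c->expiry < now)
		model_clear_secrets(c);
}
void reject_all(struct cred_model *c)
{
	model_clear_secrets(c);
}

/* Number of secret members still populated. */
int secrets_left(const struct cred_model *c)
{
	return (c->password[0] != '\0') + (c->credential[0] != '\0');
}

int main(void)
{
	struct cred_model c = { "", "constructed-token", 100 }; /* constructed sample */
	expire_password_only(&c, 200);
	printf("password-only expiry leaves %d secret(s)\n", secrets_left(&c));
	expire_all(&c, 200);
	printf("helper-based expiry leaves %d secret(s)\n", secrets_left(&c));
	return 0;
}
```

A new secret-bearing member added to the model later needs a change in `model_clear_secrets()` only, and both the expiry and reject paths pick it up.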



