Re: [PATCH v3] cifs: replace kfree() with kfree_sensitive() for sensitive data

Enzo Matsumiya <ematsumiya@xxxxxxx> writes:

> Replace kfree with kfree_sensitive, or prepend memzero_explicit() in
> other cases, when freeing sensitive material that could still be left
> in memory.
>
> Signed-off-by: Enzo Matsumiya <ematsumiya@xxxxxxx>
> Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
> Link: https://lore.kernel.org/r/202209201529.ec633796-oliver.sang@xxxxxxxxx
> ---
> v3: fix use-after-free reported by kernel test robot (this UAF existed before this patch,
>     actually), adjust commit message slightly
> v2: remove unnecessary NULL checks before kfree_sensitive()
>
>  fs/cifs/cifsencrypt.c | 12 ++++++------
>  fs/cifs/connect.c     |  6 +++---
>  fs/cifs/fs_context.c  | 12 ++++++++++--
>  fs/cifs/misc.c        |  2 +-
>  fs/cifs/sess.c        | 24 +++++++++++++++---------
>  fs/cifs/smb2ops.c     |  6 +++---
>  fs/cifs/smb2pdu.c     | 19 ++++++++++++++-----
>  7 files changed, 52 insertions(+), 29 deletions(-)

Reviewed-by: Paulo Alcantara (SUSE) <pc@xxxxxx>


