fscrypt: zeroize fscrypt_info before freeing

memset the struct fscrypt_info to zero before freeing.  This isn't
really needed currently, since there's no secret key directly in the
fscrypt_info.  But there's a decent chance that someone will add such a
field in the future, e.g. in order to use an API that takes a raw key
such as siphash().  So it's good to do this as a hardening measure.

Signed-off-by: Eric Biggers <ebiggers@google.com>

diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c
index 8eb5a0e762ec6ab3e7d85148c791182e0e7e487d..b03b33643e4b29af9af674efa964e3fefc382897 100644 (file)
--- a/fs/crypto/keysetup.c
+++ b/fs/crypto/keysetup.c
@@ -327,6 +327,7 @@ static void put_crypt_info(struct fscrypt_info *ci)
                        key_invalidate(key);
                key_put(key);
        }
+       memzero_explicit(ci, sizeof(*ci));
        kmem_cache_free(fscrypt_info_cachep, ci);
 }