From: Wang Ming machel@vivo.com
[ Upstream commit daa751444fd9d4184270b1479d8af49aaf1a1ee6 ]
key might contain private part of the key, so better use kfree_sensitive to free it.
Fixes: 38320c70d282 ("[IPSEC]: Use crypto_aead and authenc in ESP") Signed-off-by: Wang Ming machel@vivo.com Reviewed-by: Tariq Toukan tariqt@nvidia.com Reviewed-by: Kuniyuki Iwashima kuniyu@amazon.com Signed-off-by: David S. Miller davem@davemloft.net Signed-off-by: Sasha Levin sashal@kernel.org --- net/ipv4/esp4.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 20d7381378418..28252029bd798 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c @@ -1134,7 +1134,7 @@ static int esp_init_authenc(struct xfrm_state *x) err = crypto_aead_setkey(aead, key, keylen);
free_key: - kfree(key); + kfree_sensitive(key);
error: return err;