From 6fadc6a859d72315f72946b008f998a0d4c545e4 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Wed, 2 Aug 2017 11:39:31 +0200
Subject: kernel-netlink: Wipe buffer used to read Netlink messages

When querying SAs the keys will end up in this buffer (the allocated messages that are returned are already wiped). The kernel also returns XFRM_MSG_NEWSA as response to XFRM_MSG_ALLOCSPI but we can't distinguish this here as we only see the response.

References #2388.
---
 .../plugins/kernel_netlink/kernel_netlink_shared.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c')

diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
index cf85cb0a6..f3b5b1d4a 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -265,9 +265,10 @@ static bool read_and_queue(private_netlink_socket_t *this, bool block)
 {
 	struct nlmsghdr *hdr;
 	char buf[this->buflen];
-	ssize_t len;
+	ssize_t len, read_len;
+	bool wipe = FALSE;

-	len = read_msg(this, buf, sizeof(buf), block);
+	len = read_len = read_msg(this, buf, sizeof(buf), block);
 	if (len == -1)
 	{
 		return TRUE;
@@ -277,6 +278,11 @@ static bool read_and_queue(private_netlink_socket_t *this, bool block)
 	hdr = (struct nlmsghdr*)buf;
 	while (NLMSG_OK(hdr, len))
 	{
+		if (this->protocol == NETLINK_XFRM &&
+			hdr->nlmsg_type == XFRM_MSG_NEWSA)
+		{	/* wipe potential IPsec SA keys */
+			wipe = TRUE;
+		}
 		if (!queue(this, hdr))
 		{
 			break;
@@ -284,6 +290,10 @@ static bool read_and_queue(private_netlink_socket_t *this, bool block)
 		hdr = NLMSG_NEXT(hdr, len);
 	}
 	}
+	if (wipe)
+	{
+		memwipe(buf, read_len);
+	}
 	return FALSE;
 }
-- 
cgit v1.2.3
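Review bot: The wipe added at the end of read_and_queue (third hunk) only runs when a complete XFRM_MSG_NEWSA header was walked by NLMSG_OK() in the second hunk, so if read_msg() ever returns a truncated or otherwise unparsable message — read_msg() is not visible here, so this is inferred — the loop body never sets `wipe` and the SA payload stays in the stack buffer unwiped. Because `buf` is a VLA that dies with this call and memwipe() is cheap next to a socket read, gating the wipe on message type buys little; tying it to the socket instead of to successful parsing, `if (this->protocol == NETLINK_XFRM) { memwipe(buf, read_len); }` with the `wipe` flag dropped, keeps the guarantee even when the loop does not run. The chained `len = read_len = read_msg(...)` in the first hunk would also benefit from a one-line comment such as `/* len is advanced by NLMSG_NEXT(); read_len keeps the full size for memwipe() */`, since the split is the whole reason for the second variable. read_and_queue spans all three hunks and the lines between them are not shown.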