SUNRPC: Obscure Kerberos session key

ctx->Ksess is never used after import has completed. Obscure it
immediately so it cannot be re-used or copied.

Tested-by: Scott Mayhew <smayhew@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 76a0d83fe500d2e0af744a047d71f933dfdb2615..b982c9d495f2681084094fb626ca69879c868056 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -550,6 +550,7 @@ gss_import_sec_context_kerberos(const void *p, size_t len,
                ret = gss_import_v1_context(p, end, ctx);
        else
                ret = gss_import_v2_context(p, end, ctx, gfp_mask);
+       memzero_explicit(&ctx->Ksess, sizeof(ctx->Ksess));
        if (ret) {
                kfree(ctx);
                return ret;