kernel-netlink: Wipe buffer used to read Netlink messages
authorTobias Brunner <tobias@strongswan.org>
Wed, 2 Aug 2017 09:39:31 +0000 (11:39 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 7 Aug 2017 14:55:40 +0000 (16:55 +0200)
When querying SAs the keys will end up in this buffer (the allocated
messages that are returned are already wiped). The kernel also returns
XFRM_MSG_NEWSA as response to XFRM_MSG_ALLOCSPI but we can't distinguish
this here as we only see the response.

References #2388.

src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c

index cf85cb0..f3b5b1d 100644 (file)
@@ -265,9 +265,10 @@ static bool read_and_queue(private_netlink_socket_t *this, bool block)
 {
        struct nlmsghdr *hdr;
        char buf[this->buflen];
-       ssize_t len;
+       ssize_t len, read_len;
+       bool wipe = FALSE;
 
-       len = read_msg(this, buf, sizeof(buf), block);
+       len = read_len = read_msg(this, buf, sizeof(buf), block);
        if (len == -1)
        {
                return TRUE;
@@ -277,6 +278,11 @@ static bool read_and_queue(private_netlink_socket_t *this, bool block)
                hdr = (struct nlmsghdr*)buf;
                while (NLMSG_OK(hdr, len))
                {
+                       if (this->protocol == NETLINK_XFRM &&
+                               hdr->nlmsg_type == XFRM_MSG_NEWSA)
+                       {       /* wipe potential IPsec SA keys */
+                               wipe = TRUE;
+                       }
                        if (!queue(this, hdr))
                        {
                                break;
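Review bot: The `wipe` flag is only set for headers the loop actually visits, so key material can remain in `buf` when iteration stops early. The `break` after a failed `queue()` and a trailing message that fails `NLMSG_OK` (for example a partially received one) both skip any later XFRM_MSG_NEWSA header in the same read. Deciding by socket protocol rather than by message type closes that gap: drop the per-message check and guard the wipe in the last hunk with `if (this->protocol == NETLINK_XFRM)` around `memwipe(buf, read_len);`. The cost is an extra wipe on XFRM reads that carried no SA. The enclosing `if` and the rest of the loop body lie outside this hunk.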
@@ -284,6 +290,10 @@ static bool read_and_queue(private_netlink_socket_t *this, bool block)
                        hdr = NLMSG_NEXT(hdr, len);
                }
        }
+       if (wipe)
+       {
+               memwipe(buf, read_len);
+       }
        return FALSE;
 }
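Review bot: The wipe runs only on the `return FALSE` path, only when the loop has set `wipe`, and covers only `read_len` bytes, so nothing is cleared when `read_msg()` returns -1 or a length that keeps the loop from running. `read_msg()` is not visible here; if it can report an error or an oversized response after the receive call has already written into `buf`, that data stays on the stack. It is worth confirming this, or wiping `sizeof(buf)` so the result does not depend on the returned length. A short comment at the declaration would also help the next reader, e.g. `/* len is consumed by NLMSG_NEXT(), read_len keeps the full length for wiping */`.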