Page MenuHomeFreeBSD
Differential D41614

geli: fix setkey behavior on detached providers
Needs ReviewPublic
Actions

Authored by freebsd_igalic.co on Aug 28 2023, 10:06 AM.
Tags
Referenced Files
Unknown Object (File)
Tue, Mar 11, 4:54 PM
Unknown Object (File)
Fri, Feb 28, 4:07 PM
Unknown Object (File)
Feb 9 2025, 7:54 PM
Unknown Object (File)
Feb 8 2025, 7:41 PM
Unknown Object (File)
Feb 8 2025, 10:31 AM
Unknown Object (File)
Feb 6 2025, 2:57 PM
Unknown Object (File)
Jan 26 2025, 8:44 PM
Unknown Object (File)
Jan 17 2025, 11:17 AM
View All 43 Files
Subscribers
delphij
imp
markj

Details

Reviewers
None
Group Reviewers
secteam
security
Summary

wipe out cached_passphrase (using memset(3), for clarity) to allow
geil(8) setkey to correctly function on detached providers.

PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254966
Reported by: rob2g2
Submitted by: Arjan de Vet <freebsd@devet.org>
Pull Request: https://github.com/freebsd/freebsd-src/pull/780

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 53314
Build 50205: arc lint + arc unit

Event Timeline

freebsd_igalic.co created this revision.Aug 28 2023, 10:06 AM
Herald added a subscriber: imp. · View Herald TranscriptAug 28 2023, 10:06 AM
freebsd_igalic.co requested review of this revision.Aug 28 2023, 10:06 AM
Harbormaster completed remote builds in B53314: Diff 126577.Aug 28 2023, 10:06 AM
freebsd_igalic.co added reviewers: secteam, security.Aug 28 2023, 10:12 AM
freebsd_igalic.co added projects: secteam, security.
delphij added a subscriber: delphij.Aug 29 2023, 4:03 AM

The change looks Okay to me but I wonder if we should separate the variable into two cached values, one for new and the other for !new.

When changing multiple providers at the same time, this would allow the library to cache both passphrases so the user don't have to enter them over and over again.

markj added a subscriber: markj.EditedAug 29 2023, 1:35 PM
In D41614#948592, @delphij wrote:

The change looks Okay to me but I wonder if we should separate the variable into two cached values, one for new and the other for !new.

When changing multiple providers at the same time, this would allow the library to cache both passphrases so the user don't have to enter them over and over again.

I already committed a similar change with a regression test: 88d13bf33754bd4b0c5df92eef83d6fadb9b4944 and 2b7b09ac9675023869fddbae4911c9b674b1155a.

I think your suggestion is a good one, but it also makes sense to commit a simple fix now since this was a regression and we'd like to fix it in 14.0.

Revision Contents
Changeset List

PathSize
lib/
geom/
eli/
6 lines

Diff 126577

View Options

lib/geom/eli/geom_eli.c

Loading...