Page MenuHomeFreeBSD

geli: fix setkey behavior on detached providers
Needs ReviewPublic

Authored by freebsd_igalic.co on Aug 28 2023, 10:06 AM.
Referenced Files
Unknown Object (File)
Fri, Nov 8, 8:36 PM
Unknown Object (File)
Fri, Nov 8, 6:04 PM
Unknown Object (File)
Wed, Oct 23, 11:31 PM
Unknown Object (File)
Oct 20 2024, 10:59 AM
Unknown Object (File)
Sep 30 2024, 11:22 PM
Unknown Object (File)
Sep 22 2024, 11:03 PM
Unknown Object (File)
Sep 22 2024, 7:51 PM
Unknown Object (File)
Sep 22 2024, 7:56 AM
Subscribers

Details

Reviewers
None
Group Reviewers
secteam
security
Summary

wipe out cached_passphrase (using memset(3), for clarity) to allow
geil(8) setkey to correctly function on detached providers.

PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254966
Reported by: rob2g2
Submitted by: Arjan de Vet <freebsd@devet.org>
Pull Request: https://github.com/freebsd/freebsd-src/pull/780

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 53314
Build 50205: arc lint + arc unit

Event Timeline

The change looks Okay to me but I wonder if we should separate the variable into two cached values, one for new and the other for !new.

When changing multiple providers at the same time, this would allow the library to cache both passphrases so the user don't have to enter them over and over again.

The change looks Okay to me but I wonder if we should separate the variable into two cached values, one for new and the other for !new.

When changing multiple providers at the same time, this would allow the library to cache both passphrases so the user don't have to enter them over and over again.

I already committed a similar change with a regression test: 88d13bf33754bd4b0c5df92eef83d6fadb9b4944 and 2b7b09ac9675023869fddbae4911c9b674b1155a.

I think your suggestion is a good one, but it also makes sense to commit a simple fix now since this was a regression and we'd like to fix it in 14.0.