From: Ilya Dryomov Date: Mon, 14 Nov 2022 13:14:10 +0000 (+0100) Subject: rbd: fix passphrase zeroing in "rbd encryption format" handler X-Git-Tag: v18.1.0~754^2~5 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=0230c1782e457a373aa6f1185ef3fb129afe8619;p=ceph.git rbd: fix passphrase zeroing in "rbd encryption format" handler "rbd encryption format" handler sets up a scope guard to zero out the passphrase string on return but also makes a copy of same which isn't zeroed out. Signed-off-by: Ilya Dryomov --- diff --git a/src/tools/rbd/action/Encryption.cc b/src/tools/rbd/action/Encryption.cc index 7fedbc7aeb1..ecd4f0cb510 100644 --- a/src/tools/rbd/action/Encryption.cc +++ b/src/tools/rbd/action/Encryption.cc @@ -58,18 +58,6 @@ int execute(const po::variables_map &vm, return -EINVAL; } - std::ifstream file(passphrase_file, std::ios::in | std::ios::binary); - if (file.fail()) { - std::cerr << "rbd: unable to open passphrase file " << passphrase_file - << ": " << cpp_strerror(errno) << std::endl; - return -errno; - } - std::string passphrase((std::istreambuf_iterator(file)), - (std::istreambuf_iterator())); - auto sg = make_scope_guard([&] { - ceph_memzero_s(&passphrase[0], passphrase.size(), passphrase.size()); }); - file.close(); - auto alg = RBD_ENCRYPTION_ALGORITHM_AES256; if (vm.count("cipher-alg")) { alg = vm["cipher-alg"].as(); 
@@ -84,18 +72,30 @@ int execute(const po::variables_map &vm, return r; } + std::ifstream file(passphrase_file, std::ios::in | std::ios::binary); + if (file.fail()) { + std::cerr << "rbd: unable to open passphrase file '" << passphrase_file + << "': " << cpp_strerror(errno) << std::endl; + return -errno; + } + std::string passphrase((std::istreambuf_iterator(file)), + std::istreambuf_iterator()); + file.close(); + if (format_str == "luks1") { - librbd::encryption_luks1_format_options_t opts = {}; - opts.alg = alg; - opts.passphrase = passphrase; + librbd::encryption_luks1_format_options_t opts = { + alg, std::move(passphrase)}; r = image.encryption_format( RBD_ENCRYPTION_FORMAT_LUKS1, &opts, sizeof(opts)); + ceph_memzero_s(opts.passphrase.data(), opts.passphrase.size(), + opts.passphrase.size()); } else if (format_str == "luks2") { - librbd::encryption_luks2_format_options_t opts = {}; - opts.alg = alg; - opts.passphrase = passphrase; + librbd::encryption_luks2_format_options_t opts = { + alg, std::move(passphrase)}; r = image.encryption_format( RBD_ENCRYPTION_FORMAT_LUKS2, &opts, sizeof(opts)); + ceph_memzero_s(opts.passphrase.data(), opts.passphrase.size(), + opts.passphrase.size()); } else { std::cerr << "rbd: unsupported encryption format" << std::endl; return -ENOTSUP;
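Review bot: The `else` branch at the end of this hunk returns `-ENOTSUP` after the passphrase file has already been read, and with the scope guard removed nothing zeroes `passphrase` on that path. Either validate `format_str` before opening the file, or add `ceph_memzero_s(passphrase.data(), passphrase.size(), passphrase.size());` ahead of `return -ENOTSUP;`. The two inline `ceph_memzero_s` calls also run only when `image.encryption_format()` returns normally, so a scope guard declared right after each `opts` is built would be more robust than a call placed after it. Separately, `std::move(passphrase)` on a short string may copy the bytes out of the small-string buffer rather than take over a heap pointer, depending on the standard library, so the moved-from local can still hold passphrase bytes that `size()`-based zeroing will not reach. `execute()` begins and ends outside the hunk, so an earlier check of `format_str` may exist that is not visible here.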