From 9992bbaa5303521fafe28a7d5d0581afa7b32da7 Mon Sep 17 00:00:00 2001 From: Or Ozeri Date: Thu, 25 Nov 2021 15:49:33 +0200 Subject: [PATCH] librbd/crypto: fix memory leak in openssl/DataCryptor Re-initializing the same datacryptor, causes a memory leak of the old encryption key. This commit fixes this issue. Signed-off-by: Or Ozeri --- src/librbd/crypto/openssl/DataCryptor.cc | 11 ++++++++--- src/librbd/crypto/openssl/DataCryptor.h | 1 + 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/src/librbd/crypto/openssl/DataCryptor.cc b/src/librbd/crypto/openssl/DataCryptor.cc index 0c164b048f9cd..aa9427a79b8c0 100644 --- a/src/librbd/crypto/openssl/DataCryptor.cc +++ b/src/librbd/crypto/openssl/DataCryptor.cc @@ -13,7 +13,12 @@ namespace openssl { int DataCryptor::init(const char* cipher_name, const unsigned char* key, uint16_t key_length) { - m_key = nullptr; + if (m_key != nullptr) { + ceph_memzero_s(m_key, m_key_size, m_key_size); + delete [] m_key; + m_key = nullptr; + m_key_size = 0; + } if (cipher_name == nullptr) { lderr(m_cct) << "missing cipher name" << dendl; return -EINVAL; @@ -39,6 +44,7 @@ int DataCryptor::init(const char* cipher_name, const unsigned char* key, return -EINVAL; } + m_key_size = key_length; m_key = new unsigned char[key_length]; memcpy(m_key, key, key_length); m_iv_size = static_cast(EVP_CIPHER_iv_length(m_cipher)); @@ -47,8 +53,7 @@ int DataCryptor::init(const char* cipher_name, const unsigned char* key, DataCryptor::~DataCryptor() { if (m_key != nullptr) { - ceph_memzero_s(m_key, EVP_CIPHER_key_length(m_cipher), - EVP_CIPHER_key_length(m_cipher)); + ceph_memzero_s(m_key, m_key_size, m_key_size); delete [] m_key; m_key = nullptr; } diff --git a/src/librbd/crypto/openssl/DataCryptor.h b/src/librbd/crypto/openssl/DataCryptor.h index c9a177ef595b4..af69568835ee7 100644 --- a/src/librbd/crypto/openssl/DataCryptor.h +++ b/src/librbd/crypto/openssl/DataCryptor.h @@ -35,6 +35,7 @@ public: private: CephContext* m_cct; unsigned char* m_key = nullptr; + uint16_t m_key_size = 0; const EVP_CIPHER* m_cipher; uint32_t m_iv_size; -- 2.39.5