From 3b1d2ff51022fa1e29a79c3b9339eff75355018c Mon Sep 17 00:00:00 2001
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 2 Feb 2021 17:04:30 +0100
Subject: [PATCH] qemuBuildRBDSecinfoURI: Use virSecureEraseString instead of
 VIR_AUTODISPOSE_STR
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In this instance attempting to be correct is really pointless since the
secret is formatted into another string which is not erased securely and
then put on the commandline.

Keep the secure handling for correctness.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
---
 src/qemu/qemu_command.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 4ed41ed0e4..f742379919 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -66,6 +66,7 @@
 #include "logging/log_manager.h"
 #include "logging/log_protocol.h"
 #include "virutil.h"
+#include "virsecureerase.h"
 
 #include <sys/stat.h>
 #include <fcntl.h>
@@ -776,7 +777,7 @@ static int
 qemuBuildRBDSecinfoURI(virBufferPtr buf,
                        qemuDomainSecretInfoPtr secinfo)
 {
-    VIR_AUTODISPOSE_STR base64secret = NULL;
+    g_autofree char *base64secret = NULL;
 
     if (!secinfo) {
         virBufferAddLit(buf, ":auth_supported=none");
@@ -791,6 +792,7 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf,
         virBufferEscape(buf, '\\', ":",
                         ":key=%s:auth_supported=cephx\\;none",
                         base64secret);
+        virSecureEraseString(base64secret);
         break;
 
     case VIR_DOMAIN_SECRET_INFO_TYPE_AES: