From 549305922a236d809a2a6707af21cc318e000c3f Mon Sep 17 00:00:00 2001 From: Peter Krempa Date: Mon, 1 Feb 2021 14:11:52 +0100 Subject: [PATCH] virStorageBackendRBDOpenRADOSConn: Use virSecureErase instead of VIR_DISPOSE_N MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Switch the secret value to 'g_autofree' for handling of the memory and clear it out using virSecureErase. Signed-off-by: Peter Krempa Reviewed-by: Daniel P. Berrangé --- src/storage/storage_backend_rbd.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/storage/storage_backend_rbd.c b/src/storage/storage_backend_rbd.c index 22f5c78591..1f83205dfa 100644 --- a/src/storage/storage_backend_rbd.c +++ b/src/storage/storage_backend_rbd.c @@ -35,6 +35,7 @@ #include "rbd/librbd.h" #include "virsecret.h" #include "storage_util.h" +#include "virsecureerase.h" #define VIR_FROM_THIS VIR_FROM_STORAGE @@ -185,7 +186,7 @@ virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr ptr, int ret = -1; virStoragePoolSourcePtr source = &def->source; virStorageAuthDefPtr authdef = source->auth; - unsigned char *secret_value = NULL; + g_autofree unsigned char *secret_value = NULL; size_t secret_value_size = 0; VIR_AUTODISPOSE_STR rados_key = NULL; g_auto(virBuffer) mon_host = VIR_BUFFER_INITIALIZER; @@ -215,6 +216,7 @@ virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr ptr, goto cleanup; rados_key = g_base64_encode(secret_value, secret_value_size); + virSecureErase(secret_value, secret_value_size); if (virStorageBackendRBDRADOSConfSet(ptr->cluster, "key", rados_key) < 0) @@ -325,8 +327,6 @@ virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr ptr, ret = 0; cleanup: - VIR_DISPOSE_N(secret_value, secret_value_size); - virObjectUnref(conn); return ret; }