From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 01/11] virCryptoEncryptDataAESgnutls: Don't secure erase gnutls_datum_t structs
Date: Fri, 9 Dec 2022 17:28:53 +0100
Message-Id: <8a073088471b0fd7d0d44dcdc951d960630a31e6.1670603205.git.pkrempa@redhat.com>

'gnutls_datum_t' simply holds pointers to the encryption key and its length. There's absolutely no point in securely erasing that.

Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko
---
 src/util/vircrypto.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index 828e822d8e..1bddb333dc 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c @@ -164,8 +164,6 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t= gnutls_enc_alg, /* Encrypt the data and free the memory for cipher operations */ rc =3D gnutls_cipher_encrypt(handle, ciphertext, ciphertextlen); gnutls_cipher_deinit(handle); - virSecureErase(&enc_key, sizeof(gnutls_datum_t)); - virSecureErase(&iv_buf, sizeof(gnutls_datum_t)); if (rc < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("failed to encrypt the data: '%s'"), 
@@ -180,8 +178,6 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t= gnutls_enc_alg, error: virSecureErase(ciphertext, ciphertextlen); g_free(ciphertext); - virSecureErase(&enc_key, sizeof(gnutls_datum_t)); - virSecureErase(&iv_buf, sizeof(gnutls_datum_t)); return -1; }
-- 
2.38.1

From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 02/11] virCryptoEncryptDataAESgnutls: Properly initialize data structures
Date: Fri, 9 Dec 2022 17:28:54 +0100
Message-Id: <8b526407d8d9a535386330452a889b8913bc99fd.1670603205.git.pkrempa@redhat.com>

The initialization vector is not optional thus we also don't need to check whether the caller passed it in. Additionally we can use c99 initializers for the gnutls_datum_t structs.

Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko
---
 src/util/vircrypto.c | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index 1bddb333dc..b28d3fc23d 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c 
@@ -125,8 +125,8 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t= gnutls_enc_alg, int rc; size_t i; gnutls_cipher_hd_t handle =3D NULL; - gnutls_datum_t enc_key; - gnutls_datum_t iv_buf; + gnutls_datum_t enc_key =3D { .data =3D enckey, .size =3D enckeylen }; + gnutls_datum_t iv_buf =3D { .data =3D iv, .size =3D ivlen }; uint8_t *ciphertext; size_t ciphertextlen; 
@@ -146,13 +146,6 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_= t gnutls_enc_alg, for (i =3D datalen; i < ciphertextlen; i++) ciphertext[i] =3D ciphertextlen - datalen; - /* Initialize the gnutls cipher */ - enc_key.size =3D enckeylen; - enc_key.data =3D enckey; - if (iv) { - iv_buf.size =3D ivlen; - iv_buf.data =3D iv; - } if ((rc =3D gnutls_cipher_init(&handle, gnutls_enc_alg, &enc_key, &iv_buf)) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR,
-- 
2.38.1

From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 03/11] virCryptoEncryptDataAESgnutls: Restructure control flow
Date: Fri, 9 Dec 2022 17:28:55 +0100

Prepare the buffer for encryption only after initializing the cipher, so that there's just one failure point. This allows removing the 'error' label.

Signed-off-by: Peter Krempa
---
 src/util/vircrypto.c | 28 ++++++++++++----------------
 1 file changed, 12 insertions(+), 16 deletions(-)

diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index b28d3fc23d..12d051a55a 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c 
@@ -127,9 +127,17 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_= t gnutls_enc_alg, gnutls_cipher_hd_t handle =3D NULL; gnutls_datum_t enc_key =3D { .data =3D enckey, .size =3D enckeylen }; gnutls_datum_t iv_buf =3D { .data =3D iv, .size =3D ivlen }; - uint8_t *ciphertext; + g_autofree uint8_t *ciphertext =3D NULL; size_t ciphertextlen; + if ((rc =3D gnutls_cipher_init(&handle, gnutls_enc_alg, + &enc_key, &iv_buf)) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("failed to initialize cipher: '%s'"), + gnutls_strerror(rc)); + return -1; + } + /* Allocate a padded buffer, copy in the data. * * NB, we must *always* have at least 1 byte of 
@@ -146,32 +154,20 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm= _t gnutls_enc_alg, for (i =3D datalen; i < ciphertextlen; i++) ciphertext[i] =3D ciphertextlen - datalen; - if ((rc =3D gnutls_cipher_init(&handle, gnutls_enc_alg, - &enc_key, &iv_buf)) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("failed to initialize cipher: '%s'"), - gnutls_strerror(rc)); - goto error; - } - /* Encrypt the data and free the memory for cipher operations */ rc =3D gnutls_cipher_encrypt(handle, ciphertext, ciphertextlen); gnutls_cipher_deinit(handle); if (rc < 0) { + virSecureErase(ciphertext, ciphertextlen); virReportError(VIR_ERR_INTERNAL_ERROR, _("failed to encrypt the data: '%s'"), gnutls_strerror(rc)); - goto error; + return -1; } - *ciphertextret =3D ciphertext; + *ciphertextret =3D g_steal_pointer(&ciphertext); *ciphertextlenret =3D ciphertextlen; return 0; - - error: - virSecureErase(ciphertext, ciphertextlen); - g_free(ciphertext); - return -1; }
-- 
2.38.1

From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 04/11] virStorageBackendISCSISetAuth: Don't bother securely erasing password
Date: Fri, 9 Dec 2022 17:28:56 +0100
Message-Id: <1e094f07a9f081a43853c7c4e06c38e8294c5f66.1670603205.git.pkrempa@redhat.com>

We fetch the password via RPC so it's already contained in an un-sanitized buffer and pass it to 'iscsiadm' via virCommand where it's in another un-sanitized buffer (and on the commandline!!).

Signed-off-by: Peter Krempa
---
 src/storage/storage_backend_iscsi.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/storage/storage_backend_iscsi.c b/src/storage/storage_back= end_iscsi.c index 968a70158b..78c86e6359 100644 --- a/src/storage/storage_backend_iscsi.c +++ b/src/storage/storage_backend_iscsi.c @@ -38,7 +38,6 @@ #include "virsecret.h" #include "storage_util.h" #include "virutil.h" -#include "virsecureerase.h" #define VIR_FROM_THIS VIR_FROM_STORAGE @@ -284,7 +283,6 @@ virStorageBackendISCSISetAuth(const char *portal, secret_str =3D g_new0(char, secret_size + 1); memcpy(secret_str, secret_value, secret_size); - virSecureErase(secret_value, secret_size); secret_str[secret_size] =3D '\0'; if (virISCSINodeUpdate(portal, 
@@ -304,7 +302,6 @@ virStorageBackendISCSISetAuth(const char *portal, ret =3D 0; cleanup: - virSecureErase(secret_str, secret_size); virObjectUnref(conn); return ret; }
-- 
2.38.1

From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 05/11] virStorageBackendISCSISetAuth: Use g_strndup to '\0' terminate data
Date: Fri, 9 Dec 2022 17:28:57 +0100

Signed-off-by: Peter Krempa
---
 src/storage/storage_backend_iscsi.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/storage/storage_backend_iscsi.c b/src/storage/storage_back= end_iscsi.c index 78c86e6359..9f9aa01f05 100644 --- a/src/storage/storage_backend_iscsi.c +++ b/src/storage/storage_backend_iscsi.c 
@@ -281,9 +281,8 @@ virStorageBackendISCSISetAuth(const char *portal, &secret_value, &secret_size) < 0) goto cleanup; - secret_str =3D g_new0(char, secret_size + 1); - memcpy(secret_str, secret_value, secret_size); - secret_str[secret_size] =3D '\0'; + /* '\0' terminate the data into a string */ + secret_str =3D g_strndup((char *) secret_value, secret_size); if (virISCSINodeUpdate(portal, source->devices[0].path, --=20 2.38.1 From nobody Fri May 17 11:29:07 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1670603363; cv=none; d=zohomail.com; s=zohoarc; b=VnQQOZZQwLZDIK7aPZiCS5ENgpdz/vL9MXKoPxOzGpR5wKeZcYaKH3CXwNSyTQXNKOfGzsRI27oIOS1CflJheWdwKOyIFPeZgstgqKZOla6PvYFSgSNs6uj6pjIX/iZKouRfejDThPqpbUzKyWCmRSX6LcMv9ngd7dKGxvkci20= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1670603363; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=sk9e2KGQCbpG0qH8KGDNXgk8eQpOqXviptVqb6R8koQ=; b=LqxLXu/7aupvRsk4yfdqeXha/ABZaU8U2Ac1bz4Uq5fDvaiE8fqXcFFl6GRR5XUtJ8oqnMwBcn80YXXCuvXeKNrTHRF+FzafvOkCni+8iSLVinnA8GDEquB14Q2d2kLfeb7Uo8peOFceMl9o6eyjehXZ6fT12OZLwAMNc0FHcbM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from 

From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 06/11] virStorageBackendISCSISetAuth: Refactor cleanup
Date: Fri, 9 Dec 2022 17:28:58 +0100
Message-Id: <07ce7b04df20db9a3e69b5007f820ba131e6c007.1670603205.git.pkrempa@redhat.com>

Automatically free 'conn' and remove the 'cleanup' section and 'ret' variable. 'datatypes.h' contains the declaration of the autoptr cleanup function for virConnect.

Signed-off-by: Peter Krempa
--- src/storage/storage_backend_iscsi.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/src/storage/storage_backend_iscsi.c b/src/storage/storage_back= end_iscsi.c index 9f9aa01f05..c5e3130a4f 100644 --- a/src/storage/storage_backend_iscsi.c +++ b/src/storage/storage_backend_iscsi.c
@@ -26,6 +26,7 @@ #include #include +#include "datatypes.h" #include "driver.h" #include "storage_backend_iscsi.h" #include "viralloc.h" @@ -254,8 +255,7 @@ virStorageBackendISCSISetAuth(const char *portal, size_t secret_size; g_autofree char *secret_str =3D NULL; virStorageAuthDef *authdef =3D source->auth; - int ret =3D -1; - virConnectPtr conn =3D NULL; + g_autoptr(virConnect) conn =3D NULL; VIR_IDENTITY_AUTORESTORE virIdentity *oldident =3D NULL; if (!authdef || authdef->authType =3D=3D VIR_STORAGE_AUTH_TYPE_NONE) @@ -279,7 +279,7 @@ virStorageBackendISCSISetAuth(const char *portal, if (virSecretGetSecretString(conn, &authdef->seclookupdef, VIR_SECRET_USAGE_TYPE_ISCSI, &secret_value, &secret_size) < 0) - goto cleanup; + return -1; /* '\0' terminate the data into a string */ secret_str =3D g_strndup((char *) secret_value, secret_size); 
@@ -296,13 +296,9 @@ virStorageBackendISCSISetAuth(const char *portal, source->devices[0].path, "node.session.auth.password", secret_str) < 0) - goto cleanup; - - ret =3D 0; + return -1; - cleanup: - virObjectUnref(conn); - return ret; + return 0; } static int --=20 2.38.1

From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 07/11] libxlMakeNetworkDiskSrc: Don't bother with secure erase of secrets
Date: Fri, 9 Dec 2022 17:28:59 +0100

The contents of both 'secret' and 'base64secret' are part of different buffers which are not erased securely. Don't bother with virSecureErase*.

Signed-off-by: Peter Krempa
--- src/libxl/libxl_conf.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c index d13e48abb2..54e50a24cf 100644 --- a/src/libxl/libxl_conf.c +++ b/src/libxl/libxl_conf.c @@ -45,7 +45,6 @@ #include "xen_xl.h" #include "virnetdevvportprofile.h" #include "virenum.h" -#include "virsecureerase.h" #define VIR_FROM_THIS VIR_FROM_LIBXL
@@ -1047,11 +1046,9 @@ libxlMakeNetworkDiskSrc(virStorageSource *src, char = **srcstr) /* RBD expects an encoded secret */ base64secret =3D g_base64_encode(secret, secretlen); - virSecureErase(secret, secretlen); } *srcstr =3D libxlMakeNetworkDiskSrcStr(src, username, base64secret); - virSecureEraseString(base64secret); if (!*srcstr) goto cleanup; --=20 2.38.1

From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 08/11] libxlMakeNetworkDiskSrc: Refactor cleanup
Date: Fri, 9 Dec 2022 17:29:00 +0100

Automatically unref the 'conn' object and remove the 'cleanup' section and 'ret' variable.

Signed-off-by: Peter Krempa
--- src/libxl/libxl_conf.c | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c index 54e50a24cf..9f0d5717c7 100644 --- a/src/libxl/libxl_conf.c +++ b/src/libxl/libxl_conf.c @@ -1021,10 +1021,9 @@ libxlMakeNetworkDiskSrcStr(virStorageSource *src, static int libxlMakeNetworkDiskSrc(virStorageSource *src, char **srcstr) { - virConnectPtr conn =3D NULL; + g_autoptr(virConnect) conn =3D NULL; g_autofree char *base64secret =3D NULL; char *username =3D NULL; - int ret =3D -1; *srcstr =3D NULL; if (src->auth && src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_RBD) {
@@ -1033,31 +1032,25 @@ libxlMakeNetworkDiskSrc(virStorageSource *src, char= **srcstr) VIR_IDENTITY_AUTORESTORE virIdentity *oldident =3D virIdentityElev= ateCurrent(); if (!oldident) - goto cleanup; + return -1; username =3D src->auth->username; if (!(conn =3D virConnectOpen("xen:///system"))) - goto cleanup; + return -1; if (virSecretGetSecretString(conn, &src->auth->seclookupdef, VIR_SECRET_USAGE_TYPE_CEPH, &secret, &secretlen) < 0) - goto cleanup; + return -1; /* RBD expects an encoded secret */ base64secret =3D g_base64_encode(secret, secretlen); } - *srcstr =3D libxlMakeNetworkDiskSrcStr(src, username, base64secret); - - if (!*srcstr) - goto cleanup; - - ret =3D 0; + if (!(*srcstr =3D libxlMakeNetworkDiskSrcStr(src, username, base64secr= et))) + return -1; - cleanup: - virObjectUnref(conn); - return ret; + return 0; } int --=20 2.38.1

From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 09/11] virStorageBackendRBDOpenRADOSConn: Don't log the RBD key
Date: Fri, 9 Dec 2022 17:29:01 +0100
Message-Id: <0403d06ee55aa18d1ea7508a67b517a255738cf1.1670603205.git.pkrempa@redhat.com>

'virStorageBackendRBDRADOSConfSet' logs its arguments but it's also used to set the RBD secret/key. All the security theatre with securely erasing the string we do to fetch the secret would be quite pointless if we log it, thus introduce virStorageBackendRBDRADOSConfSetQuiet and use it to avoid logging the password.

Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko
--- src/storage/storage_backend_rbd.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/src/storage/storage_backend_rbd.c b/src/storage/storage_backen= d_rbd.c index 52407f8e6f..05b2c43f79 100644 --- a/src/storage/storage_backend_rbd.c +++ b/src/storage/storage_backend_rbd.c
@@ -161,12 +161,10 @@ virStoragePoolDefRBDNamespaceFormatXML(virBuffer *buf, static int -virStorageBackendRBDRADOSConfSet(rados_t cluster, - const char *option, - const char *value) +virStorageBackendRBDRADOSConfSetQuiet(rados_t cluster, + const char *option, + const char *value) { - VIR_DEBUG("Setting RADOS option '%s' to '%s'", - option, value); if (rados_conf_set(cluster, option, value) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("failed to set RADOS option: %s"), @@ -177,6 +175,19 @@ virStorageBackendRBDRADOSConfSet(rados_t cluster, return 0; } + +static int +virStorageBackendRBDRADOSConfSet(rados_t cluster, + const char *option, + const char *value) +{ + VIR_DEBUG("Setting RADOS option '%s' to '%s'", + option, value); + + return virStorageBackendRBDRADOSConfSetQuiet(cluster, option, value); +} + + static int virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDState *ptr, virStoragePoolDef *def) 
@@ -222,7 +233,8 @@ virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDS= tate *ptr, rados_key =3D g_base64_encode(secret_value, secret_value_size); virSecureErase(secret_value, secret_value_size); - rc =3D virStorageBackendRBDRADOSConfSet(ptr->cluster, "key", rados= _key); + VIR_DEBUG("Setting RADOS option 'key'"); + rc =3D virStorageBackendRBDRADOSConfSetQuiet(ptr->cluster, "key", = rados_key); virSecureEraseString(rados_key); if (rc < 0) --=20 2.38.1

From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 10/11] datatypes: Register autoptr cleanup for virSecret
Date: Fri, 9 Dec 2022 17:29:02 +0100
Message-Id: <160a3fd64e171db0bac353e9d746d611240b11cf.1670603205.git.pkrempa@redhat.com>

Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko
--- src/datatypes.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/datatypes.h b/src/datatypes.h index 49cd9cd42c..0f9730d9e8 100644 --- a/src/datatypes.h +++ b/src/datatypes.h
@@ -720,6 +720,7 @@ struct _virSecret { char *usageID; /* the usage's unique identifier = */ }; +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSecret, virObjectUnref); typedef int (*virStreamAbortFunc)(virStreamPtr, void *opaque); typedef int (*virStreamFinishFunc)(virStreamPtr, void *opaque); --=20 2.38.1

From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 11/11] virSecretGetSecretString: Refactor cleanup
Date: Fri, 9 Dec 2022 17:29:03 +0100
Message-Id: <2e4d114c5d26857c4a6ae2eaec82ecee1031670f.1670603205.git.pkrempa@redhat.com>

Automatically free 'sec' and remove the 'cleanup' section and 'ret' variables.

Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko
--- src/util/virsecret.c | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/src/util/virsecret.c b/src/util/virsecret.c index c01f3fb967..f2c13e27c9 100644 --- a/src/util/virsecret.c +++ b/src/util/virsecret.c @@ -139,8 +139,7 @@ virSecretGetSecretString(virConnectPtr conn, uint8_t **secret, size_t *secret_size) { - virSecretPtr sec =3D NULL; - int ret =3D -1; + g_autoptr(virSecret) sec =3D NULL; switch (seclookupdef->type) { case VIR_SECRET_LOOKUP_TYPE_UUID:
@@ -154,7 +153,7 @@ virSecretGetSecretString(virConnectPtr conn, } if (!sec) - goto cleanup; + return -1; /* NB: NONE is a byproduct of the qemuxml2argvtest test mocking * for UUID lookups. Normal secret XML processing would fail if @@ -170,17 +169,11 @@ virSecretGetSecretString(virConnectPtr conn, "expected '%s' type"), uuidstr, virSecretUsageTypeToString(sec->usageType), virSecretUsageTypeToString(secretUsageType)); - goto cleanup; + return -1; } - *secret =3D conn->secretDriver->secretGetValue(sec, secret_size, 0); - - if (!*secret) - goto cleanup; - - ret =3D 0; + if (!(*secret =3D conn->secretDriver->secretGetValue(sec, secret_size,= 0))) + return -1; - cleanup: - virObjectUnref(sec); - return ret; + return 0; } --=20 2.38.1
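Review bot: the G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSecret, virObjectUnref) line added after struct _virSecret in the [PATCH 10/11] hunk (@@ -720,6 +720,7 @@) carries no comment, and the ownership rule it brings is easy to miss. A g_autoptr(virSecret) drops one reference on every scope exit, so any function that hands the pointer back to its caller has to use g_steal_pointer(). A one-line comment next to the macro would help whoever converts the next virSecretPtr user. In 11/11 'sec' is never returned, so the conversion there is consistent with this.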
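Review bot: in the last hunk of src/util/virsecret.c (@@ -170,17 +169,11 @@), the output contract on the secretGetValue() failure path is undocumented. When the call returns NULL, *secret has already been overwritten with NULL and *secret_size holds whatever the driver left there before the function returns -1. The removed lines behaved the same way, but since this function hands back secret material it deserves a comment above virSecretGetSecretString() stating that on -1 the outputs must not be used and that on 0 the caller owns *secret and is responsible for clearing and freeing it. Separately, neither the removed nor the added lines check conn->secretDriver or its secretGetValue callback before the call; if nothing earlier in the function guarantees both are set, that check belongs here.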