From nobody Mon Feb 9 10:51:43 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1612285205; cv=none; d=zohomail.com; s=zohoarc; b=f+H8Qb5HeTYb4Pnx8zrDgiBushUMmR+DZ5Z8P+WqXhtDNz4UhLFYrT3CDz2UneMi5LONhw9h2N9ZIeoIz3Fy+zb9ihUNgMUquysLeTM1pxnuk8LC7bmXDQePdXFz+o3+RgFri3HR2x24bmshN9nRoRlgCA2dEY0iB+oe5h0uQ+0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1612285205; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=DpEd9XS2XzPr6EzKlnakLCJgmJpHP0dPyutVsNIyAr8=; b=aaaCvFo+y1Z9A4oU3+G4lPM1QuO1WfecoEG2qkQRVS82K5MKD2cpnrXNX2hwJd38CPnRFnIvzBbgNfxt8E0esO/2b8WQv/JqaJUxL2ZZ0rGH8CdiSaIS/mizb/WrVHb6HD1H8+wsosEVqC+nOiXIqf8UBgHWN3a2RYFosk33iGI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com with SMTPS id 161228520588580.00409973170247; Tue, 2 Feb 2021 09:00:05 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-409-CISVDXGgPMK7lAb05nEtpQ-1; Tue, 02 Feb 2021 11:57:35 -0500 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3D598C2AE; Tue, 2 Feb 2021 16:57:27 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1DC8261D33; Tue, 2 Feb 2021 16:57:27 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id D7F7F18077C0; Tue, 2 Feb 2021 16:57:26 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 112GvQvD015436 for ; Tue, 2 Feb 2021 11:57:26 -0500 Received: by smtp.corp.redhat.com (Postfix) id 2012E6EF53; Tue, 2 Feb 2021 16:57:26 +0000 (UTC) Received: from speedmetal.lan (unknown [10.40.208.53]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1EE846EF50 for ; Tue, 2 Feb 2021 16:57:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1612285204; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=DpEd9XS2XzPr6EzKlnakLCJgmJpHP0dPyutVsNIyAr8=; b=W23AGHpyX5blzFVTW45QaKXqhJfSQgNZSWLGwQ2Xzqo2miymY+fwfrpQ0siuUfQ6ErCzGX 51vroeEvUakifXvR2ng6scJWKAC28Wn1Z1l3nTFLT1VfNDtSUPGcPI1a5LGRmXrqPC2uYv f5nsvHxKcjb6yOfiMaUtzPPl5LpSmVU= X-MC-Unique: CISVDXGgPMK7lAb05nEtpQ-1 From: Peter Krempa To: libvir-list@redhat.com Subject: [PATCH v2 21/27] qemuBuildRBDSecinfoURI: Use virSecureEraseString instead of VIR_AUTODISPOSE_STR Date: Tue, 2 Feb 2021 17:55:58 +0100 Message-Id: <28951c7134696015658575c7fb4e92ffe9096a6a.1612284661.git.pkrempa@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" In this instance attempting to be correct is really pointless since the secret is formatted into another string which is not erased securely and then put on the commandline. Keep the secure handling for correctness. Signed-off-by: Peter Krempa Reviewed-by: Daniel P. Berrang=C3=A9 --- src/qemu/qemu_command.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index f613aa0201..0320011ced 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -66,6 +66,7 @@ #include "logging/log_manager.h" #include "logging/log_protocol.h" #include "virutil.h" +#include "virsecureerase.h" #include #include @@ -776,7 +777,7 @@ static int qemuBuildRBDSecinfoURI(virBufferPtr buf, qemuDomainSecretInfoPtr secinfo) { - VIR_AUTODISPOSE_STR base64secret =3D NULL; + g_autofree char *base64secret =3D NULL; if (!secinfo) { virBufferAddLit(buf, ":auth_supported=3Dnone"); @@ -791,6 +792,7 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf, virBufferEscape(buf, '\\', ":", ":key=3D%s:auth_supported=3Dcephx\\;none", base64secret); + virSecureEraseString(base64secret); break; case VIR_DOMAIN_SECRET_INFO_TYPE_AES: --=20 2.29.2