From nobody Mon Feb 9 01:21:55 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as permitted sender) client-ip=63.128.21.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1612284998; cv=none; d=zohomail.com; s=zohoarc; b=RrDTTPuYBIJBuHm0ao5rOsW6zrMJmplAM2nDIzr4Cffbw2UojsIyqI3vPHaM/qysW+9r3bPXDBo0hqZUlB7v0As0KtnSprLCW6pntdRxLvwGSVDSAexujPP3yLtyNUTROlU5rtZMGS66Ze7Oftp/9+vEnRh6ZPtgNXstmD4Z3HY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1612284998; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=CjUGsDhE1uku7K+6FZPycOh1shlCNn4t8BHDRdwztN8=; b=geUtgWz3sgUey23ryvXiVp7nbaD5u9m+Mk8RZCCXfJaXeD5wZTsZYuKqSfQfQN4ObB+3WyEG9ySwzWBpO74pk6Xxe/AZh5YMm41LXwA1T6RHphDCEQPLwcNpDnlj0CO8/XbRUpiVGv06+kY16vtcFFbQnGkGstG1ZMaRqmiAjUU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 63.128.21.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by mx.zohomail.com with SMTPS id 16122849987991002.1309082884434; Tue, 2 Feb 2021 08:56:38 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-294-YGcMj3M4PwCfL787Yvg_lQ-1; Tue, 02 Feb 2021 11:56:35 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 73B96CE646; Tue, 2 Feb 2021 16:56:29 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 295B55D749; Tue, 2 Feb 2021 16:56:29 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id E24A11809C90; Tue, 2 Feb 2021 16:56:28 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 112GuRZ8014943 for ; Tue, 2 Feb 2021 11:56:27 -0500 Received: by smtp.corp.redhat.com (Postfix) id C2CB26EF41; Tue, 2 Feb 2021 16:56:27 +0000 (UTC) Received: from speedmetal.lan (unknown [10.40.208.53]) by smtp.corp.redhat.com (Postfix) with ESMTP id DEE8E6E510 for ; Tue, 2 Feb 2021 16:56:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1612284997; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=CjUGsDhE1uku7K+6FZPycOh1shlCNn4t8BHDRdwztN8=; b=B8rCm6JimMCHZSo/tvKyuaqdX3xM0TXFG1wpEzK5+WYKXBH+QW1SFE4OtsEi6HOpS4uunl lIRTpMR6+6/D/kx9a2r2oMIM8wlaRKEwm34oKZT5Na0WWLnRH9xFnoXjNd78sEHAHzCccq ZCPXxMHGbQR/d4kWy/iAJ8OqG9SiGeU= X-MC-Unique: YGcMj3M4PwCfL787Yvg_lQ-1 From: Peter Krempa To: libvir-list@redhat.com Subject: [PATCH v2 08/27] virsh: cmdSecretSetValue: Rework handling of the secret value Date: Tue, 2 Feb 2021 17:55:45 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" Use a single buffer for the secret to make it easier to follow it's lifecycle. For base64 decoding use a local temporary buffer which will be cleared right away. This also uses virSecureErase for clearing the bufer instead of VIR_DISPOSE_N which is being phased out. Signed-off-by: Peter Krempa Reviewed-by: Daniel P. Berrang=C3=A9 --- tools/virsh-secret.c | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/tools/virsh-secret.c b/tools/virsh-secret.c index 5d656151e8..e413af893f 100644 --- a/tools/virsh-secret.c +++ b/tools/virsh-secret.c @@ -31,6 +31,7 @@ #include "virtime.h" #include "vsh-table.h" #include "virenum.h" +#include "virsecureerase.h" static virSecretPtr virshCommandOptSecret(vshControl *ctl, const vshCmd *cmd, const char **nam= e) @@ -202,10 +203,8 @@ cmdSecretSetValue(vshControl *ctl, const vshCmd *cmd) g_autoptr(virshSecret) secret =3D NULL; const char *base64 =3D NULL; const char *filename =3D NULL; - char *file_buf =3D NULL; - size_t file_len =3D 0; - unsigned char *value; - size_t value_size; + g_autofree char *secret_val =3D NULL; + size_t secret_len =3D 0; bool plain =3D vshCommandOptBool(cmd, "plain"); bool interactive =3D vshCommandOptBool(cmd, "interactive"); int res; @@ -228,41 +227,41 @@ cmdSecretSetValue(vshControl *ctl, const vshCmd *cmd) if (base64) { /* warn users that the --base64 option passed from command line is= wrong */ vshError(ctl, _("Passing secret value as command-line argument is = insecure!")); + secret_val =3D g_strdup(base64); + secret_len =3D strlen(secret_val); } else if (filename) { ssize_t read_ret; - if ((read_ret =3D virFileReadAll(filename, 1024, &file_buf)) < 0) { + if ((read_ret =3D virFileReadAll(filename, 1024, &secret_val)) < 0= ) { vshSaveLibvirtError(); return false; } - file_len =3D read_ret; - base64 =3D file_buf; + secret_len =3D read_ret; } else if (interactive) { vshPrint(ctl, "%s", _("Enter new value for secret:")); fflush(stdout); - if (!(file_buf =3D virGetPassword())) { + if (!(secret_val =3D virGetPassword())) { vshError(ctl, "%s", _("Failed to read secret")); return false; } - file_len =3D strlen(file_buf); + secret_len =3D strlen(secret_val); plain =3D true; } else { vshError(ctl, _("Input secret value is missing")); return false; } - if (plain) { - value =3D g_steal_pointer(&file_buf); - value_size =3D file_len; - file_len =3D 0; - } else { - value =3D g_base64_decode(base64, &value_size); + if (!plain) { + g_autofree char *tmp =3D g_steal_pointer(&secret_val); + size_t tmp_len =3D secret_len; + + secret_val =3D (char *) g_base64_decode(tmp, &secret_len); + virSecureErase(tmp, tmp_len); } - res =3D virSecretSetValue(secret, value, value_size, 0); - VIR_DISPOSE_N(value, value_size); - VIR_DISPOSE_N(file_buf, file_len); + res =3D virSecretSetValue(secret, (unsigned char *) secret_val, secret= _len, 0); + virSecureErase(secret_val, secret_len); if (res !=3D 0) { vshError(ctl, "%s", _("Failed to set secret value")); --=20 2.29.2