1. Patchew
  2. Libvirt
  3. [PATCH v2 00/27] util: Remove VIR_DISPOSE(_N) and VIR_DISPOSE_STRING
  4. View patch

[PATCH v2 21/27] qemuBuildRBDSecinfoURI: Use virSecureEraseString instead of VIR_AUTODISPOSE_STR

Peter Krempa posted 27 patches 5 years ago
[PATCH v2 21/27] qemuBuildRBDSecinfoURI: Use virSecureEraseString instead of VIR_AUTODISPOSE_STR
Posted by Peter Krempa 5 years ago 
In this instance attempting to be correct is really pointless since the
secret is formatted into another string which is not erased securely and
then put on the commandline.

Keep the secure handling for correctness.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/qemu/qemu_command.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index f613aa0201..0320011ced 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -66,6 +66,7 @@
 #include "logging/log_manager.h"
 #include "logging/log_protocol.h"
 #include "virutil.h"
+#include "virsecureerase.h"

 #include <sys/stat.h>
 #include <fcntl.h>
@@ -776,7 +777,7 @@ static int
 qemuBuildRBDSecinfoURI(virBufferPtr buf,
                        qemuDomainSecretInfoPtr secinfo)
 {
-    VIR_AUTODISPOSE_STR base64secret = NULL;
+    g_autofree char *base64secret = NULL;

     if (!secinfo) {
         virBufferAddLit(buf, ":auth_supported=none");
@@ -791,6 +792,7 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf,
         virBufferEscape(buf, '\\', ":",
                         ":key=%s:auth_supported=cephx\\;none",
                         base64secret);
+        virSecureEraseString(base64secret);
         break;

     case VIR_DOMAIN_SECRET_INFO_TYPE_AES:
-- 
2.29.2
Re: [PATCH v2 21/27] qemuBuildRBDSecinfoURI: Use virSecureEraseString instead of VIR_AUTODISPOSE_STR
Posted by Daniel P. Berrangé 5 years ago 
On Tue, Feb 02, 2021 at 05:55:58PM +0100, Peter Krempa wrote:
> In this instance attempting to be correct is really pointless since the
> secret is formatted into another string which is not erased securely and
> then put on the commandline.
> 
> Keep the secure handling for correctness.
> 
> Signed-off-by: Peter Krempa <pkrempa@redhat.com>
> ---
>  src/qemu/qemu_command.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.