Switch the secret value to 'g_autofree' for handling of the memory and
clear it out using virSecureErase.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 tools/virsh-secret.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/virsh-secret.c b/tools/virsh-secret.c
index e413af893f..de32f25d64 100644
--- a/tools/virsh-secret.c
+++ b/tools/virsh-secret.c
@@ -303,7 +303,7 @@ cmdSecretGetValue(vshControl *ctl, const vshCmd *cmd)
 {
     g_autoptr(virshSecret) secret = NULL;
     VIR_AUTODISPOSE_STR base64 = NULL;
-    unsigned char *value;
+    g_autofree unsigned char *value = NULL;
     size_t value_size;
     bool plain = vshCommandOptBool(cmd, "plain");

@@ -315,7 +315,7 @@ cmdSecretGetValue(vshControl *ctl, const vshCmd *cmd)

     if (plain) {
         if (fwrite(value, 1, value_size, stdout) != value_size) {
-            VIR_DISPOSE_N(value, value_size);
+            virSecureErase(value, value_size);
             vshError(ctl, "failed to write secret");
             return false;
         }
@@ -325,7 +325,7 @@ cmdSecretGetValue(vshControl *ctl, const vshCmd *cmd)
         vshPrint(ctl, "%s", base64);
     }

-    VIR_DISPOSE_N(value, value_size);
+    virSecureErase(value, value_size);
     return true;
 }

-- 
2.29.2

On Tue, Feb 02, 2021 at 05:55:49PM +0100, Peter Krempa wrote:
> Switch the secret value to 'g_autofree' for handling of the memory and
> clear it out using virSecureErase.
> 
> Signed-off-by: Peter Krempa <pkrempa@redhat.com>
> ---
>  tools/virsh-secret.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|