[libvirt] [PATCH] util: json: Nuke strings when freeing JSON objects

Peter Krempa posted 1 patch 5 years, 1 month ago
Test syntax-check passed
Patches applied successfully
git fetch https://github.com/patchew-project/libvirt tags/patchew/d60001298bb488a0aa252dee4bab23bded3f146e.1551192392.git.pkrempa@redhat.com
src/util/virjson.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[libvirt] [PATCH] util: json: Nuke strings when freeing JSON objects
Posted by Peter Krempa 5 years, 1 month ago
We construct JSON objects e.g. for setting the VNC password but then
just VIR_FREE the strings cointained inside. If it was the password
string would be kept on the heap. Exchange some cpu cycles for a warm
feeling of security.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/util/virjson.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/util/virjson.c b/src/util/virjson.c
index d5d66f879f..db38fd0dc0 100644
--- a/src/util/virjson.c
+++ b/src/util/virjson.c
@@ -423,7 +423,7 @@ virJSONValueFree(virJSONValuePtr value)
         VIR_FREE(value->data.array.values);
         break;
     case VIR_JSON_TYPE_STRING:
-        VIR_FREE(value->data.string);
+        VIR_DISPOSE_STRING(value->data.string);
         break;
     case VIR_JSON_TYPE_NUMBER:
         VIR_FREE(value->data.number);
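Review bot: the VIR_JSON_TYPE_NUMBER case right below the changed line still releases value->data.number with plain VIR_FREE, so only the string case is scrubbed before the memory goes back to the heap. If the intent is that no JSON value content survives virJSONValueFree, the number buffer should get the same treatment; if only VIR_JSON_TYPE_STRING values are considered capable of carrying secrets such as the VNC password, the commit message should say so explicitly. Note also that this covers only the copy owned by the JSON value at free time, so any other copy of the same string is outside what this hunk changes.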
-- 
2.20.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] util: json: Nuke strings when freeing JSON objects
Posted by Ján Tomko 5 years, 1 month ago
On Tue, Feb 26, 2019 at 03:46:32PM +0100, Peter Krempa wrote:
>We construct JSON objects e.g. for setting the VNC password but then
>just VIR_FREE the strings cointained inside. If it was the password

s/cointained/contained/

>string would be kept on the heap. Exchange some cpu cycles for a warm
>feeling of security.
>
>Signed-off-by: Peter Krempa <pkrempa@redhat.com>
>---
> src/util/virjson.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/src/util/virjson.c b/src/util/virjson.c
>index d5d66f879f..db38fd0dc0 100644
>--- a/src/util/virjson.c
>+++ b/src/util/virjson.c
>@@ -423,7 +423,7 @@ virJSONValueFree(virJSONValuePtr value)
>         VIR_FREE(value->data.array.values);
>         break;
>     case VIR_JSON_TYPE_STRING:
>-        VIR_FREE(value->data.string);
>+        VIR_DISPOSE_STRING(value->data.string);

This is wildly incomplete.

A more fitting solution would be to rewrite libvirt in a memory-safe
language such as Haskell

>         break;
>     case VIR_JSON_TYPE_NUMBER:
>         VIR_FREE(value->data.number);
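Review bot: the changed line in the VIR_JSON_TYPE_STRING case has no comment explaining why it differs from the VIR_FREE calls in the neighbouring array and number cases, so a later cleanup could easily switch it back for consistency. A one-line comment next to VIR_DISPOSE_STRING(value->data.string) stating that JSON strings may hold secrets (the commit message names the VNC password) would keep the reason with the code.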

What if the number contains my personal PIN number?

Jano

>-- 
>2.20.1
>
>--
>libvir-list mailing list
>libvir-list@redhat.com
>https://www.redhat.com/mailman/listinfo/libvir-list