Patches 1-6 are pure refactors, other patches then convert handling to
the newly introduced functions.

Unfortunately quite a lot of the supposedly "secure" handling of secrets
isn't really secure as we e.g. copy the secret into another buffer which
isn't cleared properly or format it directly onto the commandline ...

I've kept them so that they are still marked as secure despite the
handling being pointless.

v2:
 - use a new wrapper virSecureErase to mark places really needing secure
   handling instead of just plain memset (but the wrapper still uses
   memset)
 - converted other memset calls to virSecureErase in
   virCryptoEncryptDataAESgnutls, probably the only function worthy of
   this change
 - added patches removing the string disposal code too

Peter Krempa (27):
  hypervFreeInvokeParams: Don't use VIR_DISPOSE_N for freeing 'params'
  libxlMakeDomBuildInfo: Don't use VIR_DISPOSE_N for USB device list
  qemuDomainMasterKeyCreate: Don't use VIR_DISPOSE_N on failure
  cmdSecretSetValue: Make it obvious that --file, --base64 and --interactive are exclusive
  virNetLibsshSessionAuthAddPrivKeyAuth: Don't unlock unlocked 'sess' on error
  virNetLibsshSessionAuthAddPrivKeyAuth: Refactor cleanup
  util: Introduce virsecureerase module
  virsh: cmdSecretSetValue: Rework handling of the secret value
  storage_backend_iscsi(_direct): Properly clear secrets
  libxlMakeNetworkDiskSrc: Avoid use of VIR_DISPOSE_N
  qemu: domain: Use virSecureErase for clearing secrets instead of VIR_DISPOSE_N
  virsh: cmdSecretGetValue: Use virSecureErase instead of VIR_DISPOSE_N
  virStorageBackendRBDOpenRADOSConn: Use virSecureErase instead of VIR_DISPOSE_N
  virCryptoEncryptDataAESgnutls: Use virSecureErase instead of VIR_DISPOSE_N
  virCryptoEncryptDataAESgnutls: Use virSecureErase instead of memset
  storageBackendCreateQemuImgSecretPath: Use virSecureErase instead of VIR_DISPOSE_N
  tests: viralloc: Remove testDispose case
  util: viralloc: Remove VIR_DISPOSE(_N)
  util: virsecureerase: Introduce virSecureEraseString
  libxlMakeNetworkDiskSrc: Use virSecureEraseString instead of VIR_AUTODISPOSE_STR
  qemuBuildRBDSecinfoURI: Use virSecureEraseString instead of VIR_AUTODISPOSE_STR
  virStorageBackendRBDOpenRADOSConn: Use virSecureEraseString instead of VIR_AUTODISPOSE_STR
  cmdSecretGetValue: Use virSecureEraseString instead of VIR_AUTODISPOSE_STR
  virNetLibsshAuthenticatePassword: Use virSecureEraseString instead of VIR_AUTODISPOSE_STR
  util: alloc: Remove VIR_AUTODISPOSE_STR
  virnetlibsshsession: Replace VIR_DISPOSE_STRING with virSecureEraseString
  util: alloc: Remove VIR_DISPOSE_STRING

 src/hyperv/hyperv_wmi.c                    |  4 +-
 src/libvirt_private.syms                   |  7 ++-
 src/libxl/libxl_conf.c                     | 16 ++++--
 src/qemu/qemu_command.c                    |  4 +-
 src/qemu/qemu_domain.c                     | 22 +++++---
 src/rpc/virnetlibsshsession.c              | 50 +++++++----------
 src/storage/storage_backend_iscsi.c        | 16 +++---
 src/storage/storage_backend_iscsi_direct.c | 17 +++---
 src/storage/storage_backend_rbd.c          | 16 ++++--
 src/storage/storage_util.c                 |  4 +-
 src/util/meson.build                       |  1 +
 src/util/viralloc.c                        | 52 ------------------
 src/util/viralloc.h                        | 51 -----------------
 src/util/vircrypto.c                       | 12 ++--
 src/util/virsecureerase.c                  | 57 +++++++++++++++++++
 src/util/virsecureerase.h                  | 28 ++++++++++
 tests/viralloctest.c                       | 34 ------------
 tools/virsh-secret.c                       | 64 ++++++++++------------
 18 files changed, 206 insertions(+), 249 deletions(-)
 create mode 100644 src/util/virsecureerase.c
 create mode 100644 src/util/virsecureerase.h

-- 
2.29.2
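
Added example, not part of the original message and not libvirt's code: a minimal erase wrapper plus a model of the pitfall the cover letter describes, where a secret copied into a second buffer survives erasure of the original. The names secure_erase, secure_erase_string, is_zeroed and residual_copies are hypothetical, and the volatile function pointer is an assumption of this sketch (the series states its wrapper uses plain memset).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption of this sketch: calling memset through a volatile pointer
 * keeps the compiler from dropping the store as a dead write. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;

void secure_erase(void *buf, size_t len)
{
    if (buf && len > 0)
        memset_ptr(buf, 0, len);
}

/* String variant: erases up to, not including, the NUL terminator. */
void secure_erase_string(char *str)
{
    if (str)
        secure_erase(str, strlen(str));
}

/* Returns 1 when every byte of buf is zero. */
int is_zeroed(const void *buf, size_t len)
{
    const unsigned char *p = buf;
    for (size_t i = 0; i < len; i++)
        if (p[i] != 0)
            return 0;
    return 1;
}

/* Formats a constructed secret into a second buffer, erases the original,
 * and optionally the copy. Returns how many buffers still hold data. */
int residual_copies(int erase_copy)
{
    char secret[] = "constructed-passphrase";   /* constructed sample */
    char copy[64] = { 0 };

    snprintf(copy, sizeof(copy), "--password=%s", secret);
    secure_erase_string(secret);
    if (erase_copy)
        secure_erase(copy, sizeof(copy));
    return !is_zeroed(secret, sizeof(secret)) + !is_zeroed(copy, sizeof(copy));
}

int main(void)
{
    printf("copy left alone: %d buffer(s) still hold the secret\n", residual_copies(0));
    printf("copy erased too: %d buffer(s) still hold the secret\n", residual_copies(1));
    return 0;
}
```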