Switch the secret value to 'g_autofree' for handling of the memory and
clear it out using virSecureErase.
Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
src/storage/storage_backend_rbd.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/storage/storage_backend_rbd.c b/src/storage/storage_backend_rbd.c
index 22f5c78591..1f83205dfa 100644
--- a/src/storage/storage_backend_rbd.c
+++ b/src/storage/storage_backend_rbd.c
@@ -35,6 +35,7 @@
#include "rbd/librbd.h"
#include "virsecret.h"
#include "storage_util.h"
+#include "virsecureerase.h"
#define VIR_FROM_THIS VIR_FROM_STORAGE
@@ -185,7 +186,7 @@ virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr ptr,
int ret = -1;
virStoragePoolSourcePtr source = &def->source;
virStorageAuthDefPtr authdef = source->auth;
- unsigned char *secret_value = NULL;
+ g_autofree unsigned char *secret_value = NULL;
size_t secret_value_size = 0;
VIR_AUTODISPOSE_STR rados_key = NULL;
g_auto(virBuffer) mon_host = VIR_BUFFER_INITIALIZER;
@@ -215,6 +216,7 @@ virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr ptr,
goto cleanup;
rados_key = g_base64_encode(secret_value, secret_value_size);
+ virSecureErase(secret_value, secret_value_size);
if (virStorageBackendRBDRADOSConfSet(ptr->cluster,
"key", rados_key) < 0)
@@ -325,8 +327,6 @@ virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr ptr,
ret = 0;
cleanup:
- VIR_DISPOSE_N(secret_value, secret_value_size);
-
virObjectUnref(conn);
return ret;
}
--
2.29.2
