On 9/6/22 15:48, Jiacheng Jiang wrote: > From: jiangjiacheng <jiangjiacheng@xxxxxxxxxx> > > The password may not be valid in the error branch, but for > higher security, it's better to clean up the memory before > freeing it. > > Signed-off-by: jiangjiacheng <jiangjiacheng@xxxxxxxxxx> > --- > src/conf/domain_conf.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c > index 970cc85ded..d456fd0067 100644 > --- a/src/conf/domain_conf.c > +++ b/src/conf/domain_conf.c > @@ -60,6 +60,7 @@ > #include "virdomainsnapshotobjlist.h" > #include "virdomaincheckpointobjlist.h" > #include "virutil.h" > +#include "virsecureerase.h" > > #define VIR_FROM_THIS VIR_FROM_DOMAIN > > @@ -10888,6 +10889,7 @@ virDomainGraphicsAuthDefParseXML(xmlNodePtr node, > virReportError(VIR_ERR_INTERNAL_ERROR, > _("cannot parse password validity time '%s', expect YYYY-MM-DDTHH:MM:SS"), > validTo); > + virSecureEraseString(def->passwd); > VIR_FREE(def->passwd); > return -1; > } There are other 'return -1' statements which leave virDomainGraphicsAuthDef partially filled. Eventually, the error leads to virDomainGraphicsDefFree() being called which in turn calls virDomainGraphicsAuthDefClear() which does not call virSecureEraseString(). I wonder what we can do about it. Michal
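Review bot: in the virDomainGraphicsAuthDefParseXML hunk, the added virSecureEraseString(def->passwd) wipes the password only on the validTo parse failure, so any other exit that frees def->passwd still releases it unerased. As the reply above points out, the other 'return -1' paths end up in virDomainGraphicsAuthDefClear(), which does not call virSecureEraseString(). Consider putting the erase in virDomainGraphicsAuthDefClear(), ahead of the point where it frees passwd, so that every path releasing the password wipes it first, and then check whether this branch still needs its own erase. The commit message should also state which paths are covered, since "the error branch" currently reads as if there were only one.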