[PATCH 04/11] virStorageBackendISCSISetAuth: Don't bother securely erasing password

Peter Krempa <pkrempa@xxxxxxxxxx> · Fri, 9 Dec 2022 17:28:56 +0100

We fetch the password via RPC so it's already contained in an
un-sanitized buffer and pass it to 'iscsiadm' via virCommand where it's
in another un-sanitized buffer (and on the commandline!!).

Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
 src/storage/storage_backend_iscsi.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/storage/storage_backend_iscsi.c b/src/storage/storage_backend_iscsi.c
index 968a70158b..78c86e6359 100644
--- a/src/storage/storage_backend_iscsi.c
+++ b/src/storage/storage_backend_iscsi.c
@@ -38,7 +38,6 @@
 #include "virsecret.h"
 #include "storage_util.h"
 #include "virutil.h"
-#include "virsecureerase.h"

 #define VIR_FROM_THIS VIR_FROM_STORAGE

@@ -284,7 +283,6 @@ virStorageBackendISCSISetAuth(const char *portal,

     secret_str = g_new0(char, secret_size + 1);
     memcpy(secret_str, secret_value, secret_size);
-    virSecureErase(secret_value, secret_size);
     secret_str[secret_size] = '\0';

     if (virISCSINodeUpdate(portal,
@@ -304,7 +302,6 @@ virStorageBackendISCSISetAuth(const char *portal,
     ret = 0;

  cleanup:
-    virSecureErase(secret_str, secret_size);
     virObjectUnref(conn);
     return ret;
 }
-- 
2.38.1







