While only a couple of the message types include sensitive data,
the overhead of calling secure erase is not noticable enough
to worry about making the erasure selective per type. Thus it is
simplest to unconditionally securely erase the buffer.
Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
src/rpc/virnetmessage.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/rpc/virnetmessage.c b/src/rpc/virnetmessage.c
index 438c75b049..c9698fb263 100644
--- a/src/rpc/virnetmessage.c
+++ b/src/rpc/virnetmessage.c
@@ -28,6 +28,7 @@
#include "virlog.h"
#include "virfile.h"
#include "virutil.h"
+#include "virsecureerase.h"
#define VIR_FROM_THIS VIR_FROM_RPC
@@ -65,6 +66,7 @@ virNetMessageClearPayload(virNetMessage *msg)
{
virNetMessageClearFDs(msg);
+ virSecureErase(msg->buffer, msg->bufferLength);
msg->bufferOffset = 0;
msg->bufferLength = 0;
VIR_FREE(msg->buffer);
--
2.38.1
