External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00
Code

qemuBuildRBDSecinfoURI: Use virSecureEraseString instead of VIR_AUTODISPOSE_STR

Browse Source 
In this instance attempting to be correct is really pointless since the
secret is formatted into another string which is not erased securely and
then put on the commandline.

Keep the secure handling for correctness.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Peter Krempa 2021-02-02 17:04:30 +01:00
parent ffc13e76ac
commit 3b1d2ff510
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/qemu/qemu_command.c
View File

@ -66,6 +66,7 @@
#include "logging/log_manager.h"
#include "logging/log_protocol.h"
#include "virutil.h"
#include "virsecureerase.h"
#include <sys/stat.h>
#include <fcntl.h>
@ -776,7 +777,7 @@ static int
qemuBuildRBDSecinfoURI(virBufferPtr buf,
qemuDomainSecretInfoPtr secinfo)
{
VIR_AUTODISPOSE_STR base64secret = NULL;
g_autofree char *base64secret = NULL;
if (!secinfo) {
virBufferAddLit(buf, ":auth_supported=none");
@ -791,6 +792,7 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf,
virBufferEscape(buf, '\\', ":",
":key=%s:auth_supported=cephx\\;none",
base64secret);
virSecureEraseString(base64secret);
break;
case VIR_DOMAIN_SECRET_INFO_TYPE_AES: