mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-03-07 17:28:15 +00:00
qemuBuildRBDSecinfoURI: Use virSecureEraseString instead of VIR_AUTODISPOSE_STR
In this instance attempting to be correct is really pointless since the secret is formatted into another string which is not erased securely and then put on the commandline. Keep the secure handling for correctness. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
parent
ffc13e76ac
commit
3b1d2ff510
@ -66,6 +66,7 @@
|
||||
#include "logging/log_manager.h"
|
||||
#include "logging/log_protocol.h"
|
||||
#include "virutil.h"
|
||||
#include "virsecureerase.h"
|
||||
|
||||
#include <sys/stat.h>
|
||||
#include <fcntl.h>
|
||||
@ -776,7 +777,7 @@ static int
|
||||
qemuBuildRBDSecinfoURI(virBufferPtr buf,
|
||||
qemuDomainSecretInfoPtr secinfo)
|
||||
{
|
||||
VIR_AUTODISPOSE_STR base64secret = NULL;
|
||||
g_autofree char *base64secret = NULL;
|
||||
|
||||
if (!secinfo) {
|
||||
virBufferAddLit(buf, ":auth_supported=none");
|
||||
@ -791,6 +792,7 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf,
|
||||
virBufferEscape(buf, '\\', ":",
|
||||
":key=%s:auth_supported=cephx\\;none",
|
||||
base64secret);
|
||||
virSecureEraseString(base64secret);
|
||||
break;
|
||||
|
||||
case VIR_DOMAIN_SECRET_INFO_TYPE_AES:
|
||||
|
Loading…
x
Reference in New Issue
Block a user