mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-05 22:05:47 +00:00
util: secure erase virCommand send buffers
All users of virCommandSetSendBuffer() are using it to send sensitive data to a child process. So, since these buffers contain sensitive information, clear it with virSecureErase(). Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
This commit is contained in:
parent
dfa657aa27
commit
545e16fab5
@ -54,6 +54,7 @@
|
|||||||
#include "virpidfile.h"
|
#include "virpidfile.h"
|
||||||
#include "virprocess.h"
|
#include "virprocess.h"
|
||||||
#include "virbuffer.h"
|
#include "virbuffer.h"
|
||||||
|
#include "virsecureerase.h"
|
||||||
#include "virthread.h"
|
#include "virthread.h"
|
||||||
#include "virstring.h"
|
#include "virstring.h"
|
||||||
|
|
||||||
@ -1697,6 +1698,7 @@ virCommandFreeSendBuffers(virCommand *cmd)
|
|||||||
|
|
||||||
for (i = 0; i < virCommandGetNumSendBuffers(cmd); i++) {
|
for (i = 0; i < virCommandGetNumSendBuffers(cmd); i++) {
|
||||||
VIR_FORCE_CLOSE(cmd->sendBuffers[i].fd);
|
VIR_FORCE_CLOSE(cmd->sendBuffers[i].fd);
|
||||||
|
virSecureErase(cmd->sendBuffers[i].buffer, cmd->sendBuffers[i].buflen);
|
||||||
VIR_FREE(cmd->sendBuffers[i].buffer);
|
VIR_FREE(cmd->sendBuffers[i].buffer);
|
||||||
}
|
}
|
||||||
VIR_FREE(cmd->sendBuffers);
|
VIR_FREE(cmd->sendBuffers);
|
||||||
|
Loading…
Reference in New Issue
Block a user