rpc: securely erase the message buffers

While only a couple of the message types include sensitive data, the overhead of calling secure erase is not noticable enough to worry about making the erasure selective per type. Thus it is simplest to unconditionally securely erase the buffer. Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-03-20 07:59:00 +00:00 · 2022-12-12 05:23:46 -05:00 · 2022-12-12 05:23:46 -05:00 · 8ee8f0f828
commit 8ee8f0f828
parent 8868cb2f7c
1 changed files with 2 additions and 0 deletions
--- a/src/rpc/virnetmessage.c
+++ b/src/rpc/virnetmessage.c
@ -28,6 +28,7 @@
 #include "virlog.h"
 #include "virfile.h"
 #include "virutil.h"
+#include "virsecureerase.h"

 #define VIR_FROM_THIS VIR_FROM_RPC

@ -65,6 +66,7 @@ virNetMessageClearPayload(virNetMessage *msg)
 {
    virNetMessageClearFDs(msg);

+    virSecureErase(msg->buffer, msg->bufferLength);
    msg->bufferOffset = 0;
    msg->bufferLength = 0;
    VIR_FREE(msg->buffer);