In certain cases we tried to clear stuff which isn't secure and in other
cases we clear the pointer but then pass the secret on the commandline.
Remove the security theatre.
Additionally all other instances which pass secret via RPC can be
theoretically removed as the secret is copied to/from a non-sanitized
RPC buffer.
We'd have to clear all RPC buffers though for this to be "properly"
handled and not just security theater.
Peter Krempa (11):
virCryptoEncryptDataAESgnutls: Don't secure erase gnutls_datum_t structs
virCryptoEncryptDataAESgnutls: Properly initialize data structures
virCryptoEncryptDataAESgnutls: Restructure control flow
virStorageBackendISCSISetAuth: Don't bother securely erasing password
virStorageBackendISCSISetAuth: Use g_strndup to '\0' terminate data
virStorageBackendISCSISetAuth: Refactor cleanup
libxlMakeNetworkDiskSrc: Don't bother with secure erase of secrets
libxlMakeNetworkDiskSrc: Refactor cleanup
virStorageBackendRBDOpenRADOSConn: Don't log the RBD key
datatypes: Register autoptr cleanup for virSecret
virSecretGetSecretString: Refactor cleanup
src/datatypes.h | 1 +
src/libxl/libxl_conf.c | 24 +++++-----------
src/storage/storage_backend_iscsi.c | 22 +++++----------
src/storage/storage_backend_rbd.c | 24 ++++++++++++----
src/util/vircrypto.c | 43 ++++++++++-------------------
src/util/virsecret.c | 19 ++++---------
6 files changed, 53 insertions(+), 80 deletions(-)
--
2.38.1