On 9/6/22 15:48, Jiacheng Jiang wrote:
From: jiangjiacheng <jiangjiacheng@huawei.com>
The password may not be valid in the error branch, but for higher security, it's better to clean up the memory before freeing it.
Signed-off-by: jiangjiacheng <jiangjiacheng@huawei.com> --- src/conf/domain_conf.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 970cc85ded..d456fd0067 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -60,6 +60,7 @@ #include "virdomainsnapshotobjlist.h" #include "virdomaincheckpointobjlist.h" #include "virutil.h" +#include "virsecureerase.h"
#define VIR_FROM_THIS VIR_FROM_DOMAIN
@@ -10888,6 +10889,7 @@ virDomainGraphicsAuthDefParseXML(xmlNodePtr node, virReportError(VIR_ERR_INTERNAL_ERROR, _("cannot parse password validity time '%s', expect YYYY-MM-DDTHH:MM:SS"), validTo); + virSecureEraseString(def->passwd); VIR_FREE(def->passwd); return -1; }
There are other 'return -1' statements which leave virDomainGraphicsAuthDef partially filled. Eventually, the error leads to virDomainGraphicsDefFree() being called which in turn calls virDomainGraphicsAuthDefClear() which does not call virSecureEraseString(). I wonder what we can do about it. Michal