conf: clean up memory containing secrets before freeing

The password may not be valid in the error branch, but for
higher security, it's better to clean up the memory before
freeing it.

Signed-off-by: jiangjiacheng <jiangjiacheng@huawei.com>
Reviewed-by: Kristina Hanicova <khanicov@redhat.com>

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 237f1d683573f346cfd7a16a159e22f06578e376..5ae5399998d28a449e0e23afb83a7f1338dd35ad 100644 (file)
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -60,6 +60,7 @@
 #include "virdomainsnapshotobjlist.h"
 #include "virdomaincheckpointobjlist.h"
 #include "virutil.h"
+#include "virsecureerase.h"
 
 #define VIR_FROM_THIS VIR_FROM_DOMAIN
 
@@ -10849,6 +10850,7 @@ virDomainGraphicsAuthDefParseXML(xmlNodePtr node,
             virReportError(VIR_ERR_INTERNAL_ERROR,
                            _("cannot parse password validity time '%s', expect YYYY-MM-DDTHH:MM:SS"),
                            validTo);
+            virSecureEraseString(def->passwd);
             VIR_FREE(def->passwd);
             return -1;
         }