util: secure erase virCommand send buffers

All users of virCommandSetSendBuffer() are using it to send sensitive
data to a child process. So, since these buffers contain sensitive
information, clear it with virSecureErase().

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>

diff --git a/src/util/vircommand.c b/src/util/vircommand.c
index 704069815aac26718d89f031c303350e28629a6b..5fe7f2212d0c0997c176913be726c5b304975a8c 100644 (file)
--- a/src/util/vircommand.c
+++ b/src/util/vircommand.c
@@ -54,6 +54,7 @@
 #include "virpidfile.h"
 #include "virprocess.h"
 #include "virbuffer.h"
+#include "virsecureerase.h"
 #include "virthread.h"
 #include "virstring.h"
 
@@ -1697,6 +1698,7 @@ virCommandFreeSendBuffers(virCommand *cmd)
 
     for (i = 0; i < virCommandGetNumSendBuffers(cmd); i++) {
         VIR_FORCE_CLOSE(cmd->sendBuffers[i].fd);
+        virSecureErase(cmd->sendBuffers[i].buffer, cmd->sendBuffers[i].buflen);
         VIR_FREE(cmd->sendBuffers[i].buffer);
     }
     VIR_FREE(cmd->sendBuffers);