From: jiangjiacheng <jiangjiacheng@huawei.com>
Date: Tue, 6 Sep 2022 13:48:29 +0000 (+0800)
Subject: conf: clean up memory containing secrets before freeing
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=51f8130d78fde3201b49c02b7095ff918b6e658a;p=libvirt.git

conf: clean up memory containing secrets before freeing

The password may not be valid in the error branch, but for
higher security, it's better to clean up the memory before
freeing it.

Signed-off-by: jiangjiacheng <jiangjiacheng@huawei.com>
Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
---

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 237f1d6835..5ae5399998 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -60,6 +60,7 @@
 #include "virdomainsnapshotobjlist.h"
 #include "virdomaincheckpointobjlist.h"
 #include "virutil.h"
+#include "virsecureerase.h"
 
 #define VIR_FROM_THIS VIR_FROM_DOMAIN
 
@@ -10849,6 +10850,7 @@ virDomainGraphicsAuthDefParseXML(xmlNodePtr node,
             virReportError(VIR_ERR_INTERNAL_ERROR,
                            _("cannot parse password validity time '%s', expect YYYY-MM-DDTHH:MM:SS"),
                            validTo);
+            virSecureEraseString(def->passwd);
             VIR_FREE(def->passwd);
             return -1;
         }