|
 |
fbe740 |
From 044e5a7db716235c167f76974d4bd7566248cf9a Mon Sep 17 00:00:00 2001
|
|
|
fbe740 |
Message-Id: <044e5a7db716235c167f76974d4bd7566248cf9a@dist-git>
|
|
|
fbe740 |
From: Peter Krempa <pkrempa@redhat.com>
|
|
|
fbe740 |
Date: Mon, 16 Mar 2020 22:11:45 +0100
|
|
|
fbe740 |
Subject: [PATCH] qemuDomainSecretAESSetup: Automatically free non-secret
|
|
|
fbe740 |
locals
|
|
|
fbe740 |
MIME-Version: 1.0
|
|
|
fbe740 |
Content-Type: text/plain; charset=UTF-8
|
|
|
fbe740 |
Content-Transfer-Encoding: 8bit
|
|
|
fbe740 |
|
|
|
fbe740 |
Use g_autofree for the ciphertext and init vector as they are not
|
|
|
fbe740 |
secret and thus don't have to be cleared and use g_new0 to allocate the
|
|
|
fbe740 |
iv for parity.
|
|
|
fbe740 |
|
|
|
fbe740 |
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
|
|
|
fbe740 |
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
|
fbe740 |
(cherry picked from commit 88126d5f0ec3899dbc3bc223d120de159ded9dca)
|
|
|
fbe740 |
|
|
|
fbe740 |
Conflicts:
|
|
|
fbe740 |
src/qemu/qemu_domain.c:
|
|
|
fbe740 |
20fa2bc6e52e01feaf39d12d38bcf8eaec4c9a46 was not backported
|
|
|
fbe740 |
and thus this patch also effectively backports the modification
|
|
|
fbe740 |
the patch mentioned above did to qemuDomainSecretAESSetup as it
|
|
|
fbe740 |
would not result in a clean backport.
|
|
|
fbe740 |
|
|
|
fbe740 |
https://bugzilla.redhat.com/show_bug.cgi?id=1804750
|
|
|
fbe740 |
Message-Id: <6d4512020332b977f8de5843469e0d030f4f65d3.1584391726.git.pkrempa@redhat.com>
|
|
|
fbe740 |
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
|
fbe740 |
---
|
|
|
fbe740 |
src/qemu/qemu_domain.c | 17 ++++++-----------
|
|
|
fbe740 |
1 file changed, 6 insertions(+), 11 deletions(-)
|
|
|
fbe740 |
|
|
|
fbe740 |
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
|
|
|
fbe740 |
index b77488026a..b26187659e 100644
|
|
|
fbe740 |
--- a/src/qemu/qemu_domain.c
|
|
|
fbe740 |
+++ b/src/qemu/qemu_domain.c
|
|
|
fbe740 |
@@ -1542,16 +1542,15 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
|
|
|
fbe740 |
virSecretLookupTypeDefPtr seclookupdef,
|
|
|
fbe740 |
bool isLuks)
|
|
|
fbe740 |
{
|
|
|
fbe740 |
- virConnectPtr conn;
|
|
|
fbe740 |
+ g_autoptr(virConnect) conn = virGetConnectSecret();
|
|
|
fbe740 |
int ret = -1;
|
|
|
fbe740 |
- uint8_t *raw_iv = NULL;
|
|
|
fbe740 |
+ g_autofree uint8_t *raw_iv = NULL;
|
|
|
fbe740 |
size_t ivlen = QEMU_DOMAIN_AES_IV_LEN;
|
|
|
fbe740 |
uint8_t *secret = NULL;
|
|
|
fbe740 |
size_t secretlen = 0;
|
|
|
fbe740 |
- uint8_t *ciphertext = NULL;
|
|
|
fbe740 |
+ g_autofree uint8_t *ciphertext = NULL;
|
|
|
fbe740 |
size_t ciphertextlen = 0;
|
|
|
fbe740 |
|
|
|
fbe740 |
- conn = virGetConnectSecret();
|
|
|
fbe740 |
if (!conn)
|
|
|
fbe740 |
return -1;
|
|
|
fbe740 |
|
|
|
fbe740 |
@@ -1559,14 +1558,13 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
|
|
|
fbe740 |
secinfo->s.aes.username = g_strdup(username);
|
|
|
fbe740 |
|
|
|
fbe740 |
if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias, isLuks)))
|
|
|
fbe740 |
- goto cleanup;
|
|
|
fbe740 |
+ return -1;
|
|
|
fbe740 |
|
|
|
fbe740 |
- if (VIR_ALLOC_N(raw_iv, ivlen) < 0)
|
|
|
fbe740 |
- goto cleanup;
|
|
|
fbe740 |
+ raw_iv = g_new0(uint8_t, ivlen);
|
|
|
fbe740 |
|
|
|
fbe740 |
/* Create a random initialization vector */
|
|
|
fbe740 |
if (virRandomBytes(raw_iv, ivlen) < 0)
|
|
|
fbe740 |
- goto cleanup;
|
|
|
fbe740 |
+ return -1;
|
|
|
fbe740 |
|
|
|
fbe740 |
/* Encode the IV and save that since qemu will need it */
|
|
|
fbe740 |
secinfo->s.aes.iv = g_base64_encode(raw_iv, ivlen);
|
|
|
fbe740 |
@@ -1592,10 +1590,7 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
|
|
|
fbe740 |
ret = 0;
|
|
|
fbe740 |
|
|
|
fbe740 |
cleanup:
|
|
|
fbe740 |
- VIR_DISPOSE_N(raw_iv, ivlen);
|
|
|
fbe740 |
VIR_DISPOSE_N(secret, secretlen);
|
|
|
fbe740 |
- VIR_DISPOSE_N(ciphertext, ciphertextlen);
|
|
|
fbe740 |
- virObjectUnref(conn);
|
|
|
fbe740 |
return ret;
|
|
|
fbe740 |
}
|
|
|
fbe740 |
|
|
|
fbe740 |
--
|
|
|
fbe740 |
2.25.1
|
|
|
fbe740 |
|