[libvirt] [PATCH 09/10] util: json: Make sure that Jano's pin is not leaked to the heap

Peter Krempa pkrempa at redhat.com
Mon Apr 1 13:05:00 UTC 2019


Use virPinIsJanos and clear the string if it accidentally contains
Jano's PIN.
---
 src/Makefile.am    | 3 +++
 src/util/virjson.c | 6 +++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/Makefile.am b/src/Makefile.am
index a73f43c483..621c5ff224 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -683,6 +683,7 @@ libvirt_setuid_rpc_client_la_SOURCES = \
 		util/virlog.c \
 		util/virobject.c \
 		util/virpidfile.c \
+		util/virpin.c \
 		util/virprocess.c \
 		util/virrandom.c \
 		util/virsocketaddr.c \
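Review bot: `util/virpin.c` is added to `libvirt_setuid_rpc_client_la_SOURCES`, the reduced source list built for setuid use, but the only caller this patch introduces is in `util/virjson.c`, and the hunk does not show whether that file is part of this list. If it is not, the entry should be dropped so the setuid library stays minimal. If it is, the commit message should say so, for example `virpin.c is needed in the setuid client because virjson.c is built there`, and virpin.c should be checked for dependencies outside this list.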
@@ -890,6 +891,8 @@ libvirt_nss_la_SOURCES = \
 		util/virhashcode.h \
 		util/virjson.c \
 		util/virjson.h \
+		util/virpin.c \
+		util/virpin.h \
 		util/virkmod.c \
 		util/virkmod.h \
 		util/virlease.c \
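Review bot: The new `util/virpin.c` and `util/virpin.h` entries in `libvirt_nss_la_SOURCES` sit between `util/virjson.h` and `util/virkmod.c`, while the neighbouring entries visible here (virhashcode, virjson, virkmod, virlease) are in alphabetical order. The first hunk does place virpin.c in sorted position, between virpidfile.c and virprocess.c. Moving the two lines to their sorted position further down the list would keep the list consistent and make later merges easier to review.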
diff --git a/src/util/virjson.c b/src/util/virjson.c
index d5d66f879f..7a52493c62 100644
--- a/src/util/virjson.c
+++ b/src/util/virjson.c
@@ -28,6 +28,7 @@
 #include "virlog.h"
 #include "virstring.h"
 #include "virutil.h"
+#include "virpin.h"

 #if WITH_YAJL
 # include <yajl/yajl_gen.h>
@@ -426,7 +427,10 @@ virJSONValueFree(virJSONValuePtr value)
         VIR_FREE(value->data.string);
         break;
     case VIR_JSON_TYPE_NUMBER:
-        VIR_FREE(value->data.number);
+        if (virPinIsJanos(value->data.number))
+            VIR_DISPOSE_STRING(value->data.number);
+        else
+            VIR_FREE(value->data.number);
         break;
     case VIR_JSON_TYPE_BOOLEAN:
     case VIR_JSON_TYPE_NULL:
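Review bot: The scrub in the `VIR_JSON_TYPE_NUMBER` case only runs when `virPinIsJanos()` matches, so the free path now branches on the secret's contents and any other sensitive number is still released with plain `VIR_FREE`. Calling `VIR_DISPOSE_STRING(value->data.number);` unconditionally would remove both the content-dependent branch and the need for the virpin dependency. The `VIR_JSON_TYPE_STRING` case directly above still uses `VIR_FREE(value->data.string);`, so the same digits carried as a quoted JSON string are not cleared. The definition of `virPinIsJanos()` is not part of this patch, so it should be confirmed to accept a NULL `value->data.number`, which the old `VIR_FREE` call tolerated. The body of virJSONValueFree starts and ends outside this hunk.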
-- 
2.20.1



