[libvirt] [PATCH] util: json: Nuke strings when freeing JSON objects
Ján Tomko
jtomko at redhat.com
Tue Feb 26 15:45:59 UTC 2019
On Tue, Feb 26, 2019 at 03:46:32PM +0100, Peter Krempa wrote:
>We construct JSON objects e.g. for setting the VNC password but then
>just VIR_FREE the strings cointained inside. If it was the password
s/cointained/contained/
>string would be kept on the heap. Exchange some cpu cycles for a warm
>feeling of security.
>
>Signed-off-by: Peter Krempa <pkrempa at redhat.com>
>---
> src/util/virjson.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/src/util/virjson.c b/src/util/virjson.c
>index d5d66f879f..db38fd0dc0 100644
>--- a/src/util/virjson.c
>+++ b/src/util/virjson.c
>@@ -423,7 +423,7 @@ virJSONValueFree(virJSONValuePtr value)
> VIR_FREE(value->data.array.values);
> break;
> case VIR_JSON_TYPE_STRING:
>- VIR_FREE(value->data.string);
>+ VIR_DISPOSE_STRING(value->data.string);
This is wildly incomplete.
A more fitting solution would be to rewrite libvirt in a memory-safe
language such as Haskell
> break;
> case VIR_JSON_TYPE_NUMBER:
> VIR_FREE(value->data.number);
What if the number contains my personal PIN number?
Jano
>--
>2.20.1
>
>--
>libvir-list mailing list
>libvir-list at redhat.com
>https://www.redhat.com/mailman/listinfo/libvir-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20190226/6506078f/attachment-0001.sig>
More information about the libvir-list
mailing list