journalctl: erase verify key before free

Even optarg is erased, copied string was not erased.
Let's erase the copied key for safety.

diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 8ed5d98675a22db471b16066139515e7cd709a36..7a49ed8db7acecc69714b239ef5efce0962475d6 100644 (file)
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -96,7 +96,7 @@ static ImagePolicy *arg_image_policy = NULL;
 
 STATIC_DESTRUCTOR_REGISTER(arg_file, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_facilities, set_freep);
-STATIC_DESTRUCTOR_REGISTER(arg_verify_key, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_verify_key, erase_and_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_syslog_identifier, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_exclude_identifier, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_system_units, strv_freep);
@@ -689,9 +689,11 @@ static int parse_argv(int argc, char *argv[]) {
                         break;
 
                 case ARG_VERIFY_KEY:
-                        r = free_and_strdup(&arg_verify_key, optarg);
-                        if (r < 0)
-                                return r;
+                        erase_and_free(arg_verify_key);
+                        arg_verify_key = strdup(optarg);
+                        if (!arg_verify_key)
+                                return log_oom();
+
                         /* Use memset not explicit_bzero() or similar so this doesn't look confusing
                          * in ps or htop output. */
                         memset(optarg, 'x', strlen(optarg));