virNetLibsshAuthenticatePassword: Use virSecureEraseString instead of VIR_AUTODISPOSE_STR

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/src/rpc/virnetlibsshsession.c b/src/rpc/virnetlibsshsession.c
index 9671a0f98dc900159210f452b79433eae8a94a29..73f5e998fcd0742860120d3c1b95ac840eae93e9 100644 (file)
--- a/src/rpc/virnetlibsshsession.c
+++ b/src/rpc/virnetlibsshsession.c
@@ -31,6 +31,7 @@
 #include "virstring.h"
 #include "virauth.h"
 #include "virbuffer.h"
+#include "virsecureerase.h"
 
 #define VIR_FROM_THIS VIR_FROM_LIBSSH
 
@@ -613,7 +614,7 @@ virNetLibsshAuthenticatePassword(virNetLibsshSessionPtr sess,
         /* Try the authenticating the set amount of times. The server breaks the
          * connection if maximum number of bad auth tries is exceeded */
         while (true) {
-            VIR_AUTODISPOSE_STR password = NULL;
+            g_autofree char *password = NULL;
 
             if (!(password = virAuthGetPasswordPath(sess->authPath, sess->cred,
                                                     "ssh", sess->username,
@@ -621,11 +622,12 @@ virNetLibsshAuthenticatePassword(virNetLibsshSessionPtr sess,
                 return SSH_AUTH_ERROR;
 
             /* tunnelled password authentication */
-            if ((rc = ssh_userauth_password(sess->session, NULL,
-                                            password)) == 0)
-                return SSH_AUTH_SUCCESS;
+            rc = ssh_userauth_password(sess->session, NULL, password);
+            virSecureEraseString(password);
 
-            if (rc != SSH_AUTH_DENIED)
+            if (rc == 0)
+                return SSH_AUTH_SUCCESS;
+            else if (rc != SSH_AUTH_DENIED)
                 break;
         }
     }