From: Peter Krempa Date: Tue, 2 Feb 2021 16:05:23 +0000 (+0100) Subject: virNetLibsshAuthenticatePassword: Use virSecureEraseString instead of VIR_AUTODISPOSE_STR X-Git-Tag: v7.1.0-rc1~307 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7979d857837fbf579ad298d8aab157ca32b1bfe7;p=thirdparty%2Flibvirt.git virNetLibsshAuthenticatePassword: Use virSecureEraseString instead of VIR_AUTODISPOSE_STR Signed-off-by: Peter Krempa Reviewed-by: Daniel P. Berrangé --- diff --git a/src/rpc/virnetlibsshsession.c b/src/rpc/virnetlibsshsession.c index 9671a0f98d..73f5e998fc 100644 --- a/src/rpc/virnetlibsshsession.c +++ b/src/rpc/virnetlibsshsession.c @@ -31,6 +31,7 @@ #include "virstring.h" #include "virauth.h" #include "virbuffer.h" +#include "virsecureerase.h" #define VIR_FROM_THIS VIR_FROM_LIBSSH @@ -613,7 +614,7 @@ virNetLibsshAuthenticatePassword(virNetLibsshSessionPtr sess, /* Try the authenticating the set amount of times. The server breaks the * connection if maximum number of bad auth tries is exceeded */ while (true) { - VIR_AUTODISPOSE_STR password = NULL; + g_autofree char *password = NULL; if (!(password = virAuthGetPasswordPath(sess->authPath, sess->cred, "ssh", sess->username, @@ -621,11 +622,12 @@ virNetLibsshAuthenticatePassword(virNetLibsshSessionPtr sess, return SSH_AUTH_ERROR; /* tunnelled password authentication */ - if ((rc = ssh_userauth_password(sess->session, NULL, - password)) == 0) - return SSH_AUTH_SUCCESS; + rc = ssh_userauth_password(sess->session, NULL, password); + virSecureEraseString(password); - if (rc != SSH_AUTH_DENIED) + if (rc == 0) + return SSH_AUTH_SUCCESS; + else if (rc != SSH_AUTH_DENIED) break; } }