From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 16 Oct 2024 10:27:36 +0000 (+0900)
Subject: journalctl: erase verify key before free
X-Git-Tag: v257-rc1~198^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d0ad4e88d4e6b5e312c359a6505125f7e088f3e3;p=thirdparty%2Fsystemd.git

journalctl: erase verify key before free

Even optarg is erased, copied string was not erased.
Let's erase the copied key for safety.
---

diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 8ed5d98675a..7a49ed8db7a 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -96,7 +96,7 @@ static ImagePolicy *arg_image_policy = NULL;
 
 STATIC_DESTRUCTOR_REGISTER(arg_file, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_facilities, set_freep);
-STATIC_DESTRUCTOR_REGISTER(arg_verify_key, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_verify_key, erase_and_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_syslog_identifier, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_exclude_identifier, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_system_units, strv_freep);
@@ -689,9 +689,11 @@ static int parse_argv(int argc, char *argv[]) {
                         break;
 
                 case ARG_VERIFY_KEY:
-                        r = free_and_strdup(&arg_verify_key, optarg);
-                        if (r < 0)
-                                return r;
+                        erase_and_free(arg_verify_key);
+                        arg_verify_key = strdup(optarg);
+                        if (!arg_verify_key)
+                                return log_oom();
+
                         /* Use memset not explicit_bzero() or similar so this doesn't look confusing
                          * in ps or htop output. */
                         memset(optarg, 'x', strlen(optarg));