Just in case, ensure the sha256 that is used as a symmetric
key for encrypted creds is safely erased from memory.
Reported on yeswehack.com as YWH-PGM9780-166
Follow-up for
21bc0b6fa1de44b520353b935bf14160f9f70591
/* Only one of these two flags may be set at the same time */
assert(!FLAGS_SET(flags, CREDENTIAL_ALLOW_NULL) || !FLAGS_SET(flags, CREDENTIAL_REFUSE_NULL));
+ CLEANUP_ERASE(md);
+
if (!CRED_KEY_IS_VALID(with_key) && !CRED_KEY_IS_AUTO(with_key))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid key type: " SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(with_key));
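Review bot: The added `CLEANUP_ERASE(md);` after the flags assert has no comment saying what `md` holds. Only the commit message explains that it is the sha256 used as the symmetric key for encrypted creds. A one-line comment above the statement would keep a later cleanup from dropping the erase as redundant. The placement ahead of the `Invalid key type` check looks right, since that early return happens after the erase is registered.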
/* Only one of these two flags may be set at the same time */
assert(!FLAGS_SET(flags, CREDENTIAL_ALLOW_NULL) || !FLAGS_SET(flags, CREDENTIAL_REFUSE_NULL));
+ CLEANUP_ERASE(md);
+
/* Relevant error codes:
*
* -EBADMSG → Corrupted file
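Review bot: The declaration of `md` is outside the visible context of the `CLEANUP_ERASE(md);` added after the flags assert here. Please confirm that it is declared before this statement and that the digest is not copied into another buffer that is left unerased. The same explanatory comment as in the first hunk would help here, so both call sites document why the erase exists.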