journal-remote: erase secret PEM key from memory after use
authorLennart Poettering <lennart@poettering.net>
Wed, 4 Nov 2020 15:13:09 +0000 (16:13 +0100)
committerLennart Poettering <lennart@poettering.net>
Tue, 1 Dec 2020 13:17:46 +0000 (14:17 +0100)
src/journal-remote/journal-gatewayd.c
src/journal-remote/journal-remote-main.c

index 0723f7d8bbd896173af1d0901c7c93a9101f8d8f..09c7ca45739a234f707123896d6a8709c4d3668f 100644 (file)
@@ -22,6 +22,7 @@
 #include "log.h"
 #include "logs-show.h"
 #include "main-func.h"
+#include "memory-util.h"
 #include "microhttpd-util.h"
 #include "os-util.h"
 #include "parse-util.h"
@@ -37,7 +38,7 @@ static char *arg_cert_pem = NULL;
 static char *arg_trust_pem = NULL;
 static const char *arg_directory = NULL;
 
-STATIC_DESTRUCTOR_REGISTER(arg_key_pem, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_key_pem, erase_and_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_cert_pem, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_trust_pem, freep);
 
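Review bot: Registering `erase_and_freep` as a static destructor wipes `arg_key_pem` only when the destructors run at exit. The PEM private key therefore stays readable in process memory for the daemon's whole lifetime, and a termination that skips the destructors never wipes it. If the TLS setup that consumes `arg_key_pem` (outside this hunk) keeps its own copy, the buffer could be released right after that call with `arg_key_pem = erase_and_free(arg_key_pem);`, leaving the destructor as the fallback. The same lifetime question applies to `key` in `run()` in journal-remote-main.c, where the cleanup fires only when `run()` returns. A one-line comment above the registration, such as `/* private key material: wipe before freeing */`, would explain why this variable differs from the cert and trust ones.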
index d2aa1815c2220d467e03a0b7ed82c014bb8ab12b..16759aa6b521566406f4ce3ec6c8f07f9765a7cd 100644 (file)
@@ -13,6 +13,7 @@
 #include "journal-remote-write.h"
 #include "journal-remote.h"
 #include "main-func.h"
+#include "memory-util.h"
 #include "pretty-print.h"
 #include "process-util.h"
 #include "rlimit-util.h"
@@ -1106,7 +1107,8 @@ static int load_certificates(char **key, char **cert, char **trust) {
 static int run(int argc, char **argv) {
         _cleanup_(journal_remote_server_destroy) RemoteServer s = {};
         _cleanup_(notify_on_cleanup) const char *notify_message = NULL;
-        _cleanup_free_ char *key = NULL, *cert = NULL, *trust = NULL;
+        _cleanup_(erase_and_freep) char *key = NULL;
+        _cleanup_free_ char *cert = NULL, *trust = NULL;
         int r;
 
         log_show_color(true);
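Review bot: Wiping `key` at scope exit covers only this final buffer; whether earlier copies of the key are wiped depends on `load_certificates()`, whose body is outside this hunk. If it fills `key` through a plain `read_full_file()`, buffer growth while reading can leave partial copies of the PEM data in freed heap memory that `erase_and_freep` never touches. systemd's `READ_FULL_FILE_SECURE` flag for `read_full_file_full()` is meant for that case and would be worth using there if it is not already. `run()` continues past the end of the hunk, so where `key` is last used cannot be confirmed from here.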