From: Lennart Poettering Date: Wed, 4 Nov 2020 15:13:09 +0000 (+0100) Subject: journal-remote: erase secret PEM key from memory after use X-Git-Tag: v248-rc1~615^2~12 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f362fe731bc7d78ce915b4cdb69ad3ad46536bf5;p=thirdparty%2Fsystemd.git journal-remote: erase secret PEM key from memory after use --- diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c index 0723f7d8bbd..09c7ca45739 100644 --- a/src/journal-remote/journal-gatewayd.c +++ b/src/journal-remote/journal-gatewayd.c @@ -22,6 +22,7 @@ #include "log.h" #include "logs-show.h" #include "main-func.h" +#include "memory-util.h" #include "microhttpd-util.h" #include "os-util.h" #include "parse-util.h" @@ -37,7 +38,7 @@ static char *arg_cert_pem = NULL; static char *arg_trust_pem = NULL; static const char *arg_directory = NULL; -STATIC_DESTRUCTOR_REGISTER(arg_key_pem, freep); +STATIC_DESTRUCTOR_REGISTER(arg_key_pem, erase_and_freep); STATIC_DESTRUCTOR_REGISTER(arg_cert_pem, freep); STATIC_DESTRUCTOR_REGISTER(arg_trust_pem, freep); diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c index d2aa1815c22..16759aa6b52 100644 --- a/src/journal-remote/journal-remote-main.c +++ b/src/journal-remote/journal-remote-main.c @@ -13,6 +13,7 @@ #include "journal-remote-write.h" #include "journal-remote.h" #include "main-func.h" +#include "memory-util.h" #include "pretty-print.h" #include "process-util.h" #include "rlimit-util.h" @@ -1106,7 +1107,8 @@ static int load_certificates(char **key, char **cert, char **trust) { static int run(int argc, char **argv) { _cleanup_(journal_remote_server_destroy) RemoteServer s = {}; _cleanup_(notify_on_cleanup) const char *notify_message = NULL; - _cleanup_free_ char *key = NULL, *cert = NULL, *trust = NULL; + _cleanup_(erase_and_freep) char *key = NULL; + _cleanup_free_ char *cert = NULL, *trust = NULL; int r; log_show_color(true);