journal-remote: erase secret PEM key from memory after use

2020-11-04 16:13:09 +01:00 · 2020-11-04 16:13:09 +01:00 · f362fe731b
parent e9eec8b5d2
commit f362fe731b
2 changed files with 5 additions and 2 deletions
--- a/src/journal-remote/journal-gatewayd.c
+++ b/src/journal-remote/journal-gatewayd.c
@ -22,6 +22,7 @@
 #include "log.h"
 #include "logs-show.h"
 #include "main-func.h"
+#include "memory-util.h"
 #include "microhttpd-util.h"
 #include "os-util.h"
 #include "parse-util.h"
@ -37,7 +38,7 @@ static char *arg_cert_pem = NULL;
 static char *arg_trust_pem = NULL;
 static const char *arg_directory = NULL;

-STATIC_DESTRUCTOR_REGISTER(arg_key_pem, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_key_pem, erase_and_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_cert_pem, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_trust_pem, freep);

--- a/src/journal-remote/journal-remote-main.c
+++ b/src/journal-remote/journal-remote-main.c
@ -13,6 +13,7 @@
 #include "journal-remote-write.h"
 #include "journal-remote.h"
 #include "main-func.h"
+#include "memory-util.h"
 #include "pretty-print.h"
 #include "process-util.h"
 #include "rlimit-util.h"
@ -1106,7 +1107,8 @@ static int load_certificates(char **key, char **cert, char **trust) {
 static int run(int argc, char **argv) {
        _cleanup_(journal_remote_server_destroy) RemoteServer s = {};
        _cleanup_(notify_on_cleanup) const char *notify_message = NULL;
-        _cleanup_free_ char *key = NULL, *cert = NULL, *trust = NULL;
+        _cleanup_(erase_and_freep) char *key = NULL;
+        _cleanup_free_ char *cert = NULL, *trust = NULL;
        int r;

        log_show_color(true);