authorLennart Poettering <lennart@poettering.net>2020-11-04 16:13:09 +0100
committerLennart Poettering <lennart@poettering.net>2020-12-01 14:17:46 +0100
commitf362fe731bc7d78ce915b4cdb69ad3ad46536bf5 (patch)
tree3de7bc9d8f0e5a65f5c73ef64511080931e486d5
parentscope: on unified, make sure to unwatch all PIDs once they've been moved to t... (diff)
downloadsystemd-f362fe731bc7d78ce915b4cdb69ad3ad46536bf5.tar.xz
systemd-f362fe731bc7d78ce915b4cdb69ad3ad46536bf5.zip
journal-remote: erase secret PEM key from memory after use
-rw-r--r--src/journal-remote/journal-gatewayd.c3
-rw-r--r--src/journal-remote/journal-remote-main.c4
2 files changed, 5 insertions, 2 deletions
diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c
index 0723f7d8bb..09c7ca4573 100644
--- a/src/journal-remote/journal-gatewayd.c
+++ b/src/journal-remote/journal-gatewayd.c
@@ -22,6 +22,7 @@
#include "log.h"
#include "logs-show.h"
#include "main-func.h"
+#include "memory-util.h"
#include "microhttpd-util.h"
#include "os-util.h"
#include "parse-util.h"
@@ -37,7 +38,7 @@ static char *arg_cert_pem = NULL;
static char *arg_trust_pem = NULL;
static const char *arg_directory = NULL;
-STATIC_DESTRUCTOR_REGISTER(arg_key_pem, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_key_pem, erase_and_freep);
STATIC_DESTRUCTOR_REGISTER(arg_cert_pem, freep);
STATIC_DESTRUCTOR_REGISTER(arg_trust_pem, freep);
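Review bot: Registering `erase_and_freep` as the static destructor for `arg_key_pem` wipes the key only when the static destructors run, which is presumably at orderly exit. That means the PEM key stays in the heap for the daemon's whole lifetime and is not wiped if the process is killed or aborts, which is weaker than the "after use" in the commit title. I would document that limit at the declaration, for example `/* Secret key material: erased at exit only; copies made by the HTTP/TLS library are not covered */`. The code that fills `arg_key_pem` is outside this hunk, so it is worth confirming that the file read does not leave unerased intermediate buffers; systemd's `READ_FILE_SECURE` flag exists for that purpose.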
diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
index d2aa1815c2..16759aa6b5 100644
--- a/src/journal-remote/journal-remote-main.c
+++ b/src/journal-remote/journal-remote-main.c
@@ -13,6 +13,7 @@
#include "journal-remote-write.h"
#include "journal-remote.h"
#include "main-func.h"
+#include "memory-util.h"
#include "pretty-print.h"
#include "process-util.h"
#include "rlimit-util.h"
@@ -1106,7 +1107,8 @@ static int load_certificates(char **key, char **cert, char **trust) {
static int run(int argc, char **argv) {
_cleanup_(journal_remote_server_destroy) RemoteServer s = {};
_cleanup_(notify_on_cleanup) const char *notify_message = NULL;
- _cleanup_free_ char *key = NULL, *cert = NULL, *trust = NULL;
+ _cleanup_(erase_and_freep) char *key = NULL;
+ _cleanup_free_ char *cert = NULL, *trust = NULL;
int r;
log_show_color(true);
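Review bot: With `_cleanup_(erase_and_freep) char *key` the key is erased only when `run()` returns, and for a long-running server that is at shutdown rather than once the TLS setup has consumed it. If the key is not needed after the server is configured, an explicit `key = erase_and_free(key);` right after that call would shorten the time the secret is readable in memory, with the cleanup attribute remaining as the safety net for error paths. The rest of `run()` and `load_certificates()` (named in the hunk header) are outside this hunk, so I cannot tell whether the key is referenced later or whether the loader leaves other copies behind.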