From 8ee8f0f8287e30939684052f62e87464116f8360 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Mon, 12 Dec 2022 05:23:46 -0500
Subject: [PATCH] rpc: securely erase the message buffers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

While only a couple of the message types include sensitive data,
the overhead of calling secure erase is not noticable enough
to worry about making the erasure selective per type. Thus it is
simplest to unconditionally securely erase the buffer.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 src/rpc/virnetmessage.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/rpc/virnetmessage.c b/src/rpc/virnetmessage.c
index 438c75b049..c9698fb263 100644
--- a/src/rpc/virnetmessage.c
+++ b/src/rpc/virnetmessage.c
@@ -28,6 +28,7 @@
 #include "virlog.h"
 #include "virfile.h"
 #include "virutil.h"
+#include "virsecureerase.h"
 
 #define VIR_FROM_THIS VIR_FROM_RPC
 
@@ -65,6 +66,7 @@ virNetMessageClearPayload(virNetMessage *msg)
 {
     virNetMessageClearFDs(msg);
 
+    virSecureErase(msg->buffer, msg->bufferLength);
     msg->bufferOffset = 0;
     msg->bufferLength = 0;
     VIR_FREE(msg->buffer);