Re: [Qemu-devel] [PATCH v2 01/13] introduce g_autowipe

["Daniel P. Berrangé" <berrange@redhat.com>]

On Mon, Aug 26, 2019 at 04:50:51PM +0300, Maxim Levitsky wrote:
> Marking a pointer with g_autowipe, will
> not only free it at the scope exit, but also
> erase the data it points to just prior to freeing it.
> 
> This is first attempt to implement this feature,
> as suggested by Daniel and Nir.
> 
> The things that need to be verified prior to merging this is
> 
> 1. Can we just always use memset_s (defined in C++)
>  or some alternative.
> 
> 2. is it portable enought for us to use malloc_usable_size
> to get the size of malloced pointer in the autofree callback?
> This function is aviable in glibc (but no wrapper in glib).

Urgh, no, we can't rely on that.

I completely forgot that we would need to know the size during
the deallocate function.  The portable way to deal with this
will be to change all our code that handles passwords to use
GString instead, since that is a struct carrying around the
allocated size.

As mentioned in v1, I'm fine if you just let this series use
memset as this is a pre-existing problem & we can fix it
in separate yseries.


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|