Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
glib-aux: drop usage of malloc_usable_size() in nm_free_secret()
The idea of nm_free_secret() is to clear the secrets from memory. That surely is some layer of extra snake oil, because we tend to pass secrets via D-Bus, where the memory gets passed down to (D-Bus) libraries which have no idea to keep it private. Still... But turns out, malloc_usable_size() might not actually be usable for this. Read the discussion at [1]. Stop using malloc_usable_size(), which seems unfortunate. There is probably no secret relevant data after the NUL byte anyway, because we tend to create such strings once, and don't rewrite/truncate them afterwards (which would leave secrets behind as garbage). Note that systemd's erase_and_free() still uses malloc_usable_size() ([2]) but the macro foo to get that right is terrifying ([3]). [1] systemd/systemd#22801 (comment) [2] https://github.com/systemd/systemd/blob/11c0f0659ecd82572c2dc83f3b34493a36dcd954/src/basic/memory-util.h#L101 [3] systemd/systemd@7929e18 Fixes: d63cd26 ('shared: improve nm_free_secret() to clear entire memory buffer') (cherry picked from commit 8b66865) (cherry picked from commit 6e7fb78)
- Loading branch information