On 05/04/2017 09:00 AM, Peter Krempa wrote: > Since cookies can contain sensitive data (session ID, etc ...) it is > desired to hide them from the prying eyes of users. Add a possibility to > pass them via the secret infrastructure. > > Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1447413 > > Signed-off-by: Peter Krempa <[email protected]> > --- > block/curl.c | 24 +++++++++++++++++++++++- > qapi/block-core.json | 12 ++++++++++-- > 2 files changed, 33 insertions(+), 3 deletions(-) >
> + if (cookie_secret) {
> + s->cookie = qcrypto_secret_lookup_as_utf8(cookie_secret, errp);
> + if (!s->cookie) {
> + goto out_noclean;
> + }
Can s->cookie ever be exposed back to the user (such as via a
query-block command)? If so, we should rather store cookie_secret for
display to the user, rather than the decoded version.
But I couldn't see where we would expose it, so I think you are safe.
I'd wait for another review, probably from Dan since he is the
secret-object expert, but I'm comfortable if you add:
Reviewed-by: Eric Blake <[email protected]>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature
