Re: [PATCH] tools: check for failure decoding secret base64 value

Tue, 06 Jan 2026 01:08:20 -0800 

On 1/5/26 18:49, Daniel P. Berrangé via Devel wrote:
> From: Daniel P. Berrangé <[email protected]>
> 
> The g_base64_decode function will return a valid pointer, but with
> length of zero when it fails to decode data. Report an error in that
> scenario, so avoid a later more obsecure error.
> 
> eg old behaviour
> 
>   # virsh secret-set-value  f52a81b2-424e-490c-823d-6bd4235bc507 foo
>   warning: Passing secret value as command-line argument is insecure!
>   error: Failed to set secret value
>   error: value in virSecretSetValue must not be NULL
> 
> new behaviour
> 
>   # /home/berrange/virsh secret-set-value  
> f52a81b2-424e-490c-823d-6bd4235bc507 foo
>   warning: Passing secret value as command-line argument is insecure!
>   error: Secret value is not valid base64
> 
> Signed-off-by: Daniel P. Berrangé <[email protected]>
> ---
>  tools/virsh-secret.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 

Reviewed-by: Michal Privoznik <[email protected]>
Michal

Reply via email to