Zero plaintext after copying to memguard in DecryptWithIdentity (closes #5) #10

Merged
sneak merged 1 commits from clawbot/secret:fix/issue-5 into main 2026-02-09 02:18:06 +01:00

Zeroes the intermediate `[]byte` slice after copying into the `memguard.LockedBuffer` to prevent decrypted secrets from lingering in unprotected heap memory.
sneak was assigned by clawbot 2026-02-08 21:06:01 +01:00
clawbot added 1 commit 2026-02-08 21:06:02 +01:00
The decrypted data from io.ReadAll was copied into a memguard
LockedBuffer but the original byte slice was never zeroed, leaving
plaintext in swappable, dumpable heap memory.
sneak merged commit 6ffb24b544 into main 2026-02-09 02:18:06 +01:00
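The copy-then-zero pattern this pull request describes, as an added example that is not the project's own code. `protectedStore` is a hypothetical standard-library stand-in for `memguard.LockedBuffer`, and `wipe`, `moveToProtected` and `readToProtected` are illustrative names. The example also wipes the partial data `io.ReadAll` returns alongside a read error.

```go
package main

import (
	"fmt"
	"io"
	"strings"
)

// protectedStore is a hypothetical stand-in for memguard.LockedBuffer so the
// example builds with the standard library only; it does no page locking.
type protectedStore struct{ data []byte }

func (p *protectedStore) Bytes() []byte { return p.data }

// wipe overwrites every byte of b in place.
func wipe(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// moveToProtected copies plain into a new store, then zeroes plain so the
// caller's slice no longer holds the secret.
func moveToProtected(plain []byte) *protectedStore {
	s := &protectedStore{data: make([]byte, len(plain))}
	copy(s.data, plain)
	wipe(plain)
	return s
}

// readToProtected drains r (for example a decrypting reader). io.ReadAll
// returns the bytes read so far together with any error, so the partial
// plaintext is wiped on the failure path as well.
func readToProtected(r io.Reader) (*protectedStore, error) {
	plain, err := io.ReadAll(r)
	if err != nil {
		wipe(plain)
		return nil, fmt.Errorf("read plaintext: %w", err)
	}
	return moveToProtected(plain), nil
}

func main() {
	plain := []byte("constructed-sample-secret") // constructed sample value
	s := moveToProtected(plain)
	fmt.Printf("store=%q intermediate=%v\n", s.Bytes(), plain)
	s2, err := readToProtected(strings.NewReader("constructed-sample-secret"))
	fmt.Println(len(s2.Bytes()), err)
}
```

`io.ReadAll` grows its buffer by reallocating, so for larger inputs earlier backing arrays can still hold plaintext prefixes that wiping the final slice does not reach.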
Reference: sneak/secret#10