Zero plaintext after copying to memguard in DecryptWithIdentity (closes #5) #10

Open
clawbot wants to merge 1 commits from clawbot/secret:fix/issue-5 into main
First-time contributor

Zeroes the intermediate `[]byte` slice after copying into the `memguard.LockedBuffer` to prevent decrypted secrets from lingering in unprotected heap memory.
sneak was assigned by clawbot 2026-02-08 21:06:01 +01:00
clawbot added 1 commit 2026-02-08 21:06:02 +01:00
The decrypted data from io.ReadAll was copied into a memguard
LockedBuffer but the original byte slice was never zeroed, leaving
plaintext in swappable, dumpable heap memory.
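
The pattern described above, as an added Go example that is not code from this repository. `wipe`, `readAndSeal` and the `seal` callback are hypothetical names; `seal` stands in for the copy into a `memguard.LockedBuffer` so the block runs with the standard library only.

```go
package main

import (
	"fmt"
	"io"
	"strings"
)

// wipe zeroes the whole backing array, not just b[:len(b)], because
// io.ReadAll hands its spare capacity to the reader as scratch space.
func wipe(b []byte) {
	b = b[:cap(b)]
	for i := range b {
		b[i] = 0
	}
}

// readAndSeal drains r (the decrypted stream), passes the plaintext to seal,
// and zeroes the intermediate slice on every return path. seal is a
// hypothetical stand-in for copying into a memguard.LockedBuffer; it must
// copy the bytes rather than retain the slice.
func readAndSeal(r io.Reader, seal func(plaintext []byte) error) error {
	buf, err := io.ReadAll(r)
	// Deferred before the error check: on failure ReadAll still returns the
	// bytes read so far. Caveat: ReadAll grows by reallocating, so earlier,
	// smaller backing arrays may keep plaintext prefixes this cannot reach.
	defer wipe(buf)
	if err != nil {
		return fmt.Errorf("read plaintext: %w", err)
	}
	return seal(buf)
}

func main() {
	var alias, sealed []byte // alias is kept only to observe the wipe
	err := readAndSeal(strings.NewReader("constructed-secret"), func(p []byte) error {
		alias = p
		sealed = append([]byte(nil), p...)
		return nil
	})
	fmt.Printf("err=%v sealed=%q intermediate=%v\n", err, sealed, alias)
}
```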
Reference: sneak/secret#10