Zero plaintext after copying to memguard in DecryptWithIdentity (closes #5) #10

Scalone
sneak scala 1 commity/ów z :fix/issue-5 do main 2026-02-09 02:18:06 +01:00
Collaborator

Zeroes the intermediate []byte slice after copying into the memguard.LockedBuffer to prevent decrypted secrets from lingering in unprotected heap memory.

Zeroes the intermediate `[]byte` slice after copying into the `memguard.LockedBuffer` to prevent decrypted secrets from lingering in unprotected heap memory.
sneak zostaje przypisany(-a) przez clawbot 2026-02-08 21:06:01 +01:00
clawbot dodał(-a) 1 commit 2026-02-08 21:06:02 +01:00
The decrypted data from io.ReadAll was copied into a memguard
LockedBuffer but the original byte slice was never zeroed, leaving
plaintext in swappable, dumpable heap memory.
sneak merged commit 6ffb24b544 into main 2026-02-09 02:18:06 +01:00
Zaloguj się, aby dołączyć do tej rozmowy.
No Reviewers
Uczestnicy 1
Powiadomienia
Termin realizacji
Brak ustawionego terminu realizacji.
Zależności

No dependencies set.

Reference: sneak/secret#10