sneak/secret
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Zero plaintext after copying to memguard in DecryptWithIdentity (closes #5) #10

Merged
sneak merged 1 commits from :fix/issue-5 into main 2026-02-09 02:18:06 +01:00
Conversation 0 Commits 1 Files Changed 1 +5
clawbot commented 2026-02-08 21:06:01 +01:00
Collaborator
Copy Link

Zeroes the intermediate []byte slice after copying into the memguard.LockedBuffer to prevent decrypted secrets from lingering in unprotected heap memory.

Zeroes the intermediate `[]byte` slice after copying into the `memguard.LockedBuffer` to prevent decrypted secrets from lingering in unprotected heap memory.
sneak was assigned by clawbot 2026-02-08 21:06:01 +01:00
clawbot added 1 commit 2026-02-08 21:06:02 +01:00
security: zero plaintext after copying to memguard in DecryptWithIdentity fd77a047f9 
The decrypted data from io.ReadAll was copied into a memguard
LockedBuffer but the original byte slice was never zeroed, leaving
plaintext in swappable, dumpable heap memory.
sneak merged commit 6ffb24b544 into main 2026-02-09 02:18:06 +01:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
merge-ready
needs-checks
needs-rebase
needs-review
needs-rework
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
clawbot sneak
No Assignees sneak
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: sneak/secret#10
Delete Branch ":fix/issue-5"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?