sneak/secret
1
0
Fork 1
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Zero plaintext after copying to memguard in DecryptWithIdentity (closes #5) #10

Merged
sneak merged 1 commits from clawbot/secret:fix/issue-5 into main 2026-02-09 02:18:06 +01:00
Conversation 0 Commits 1 Files Changed 1 +5
clawbot commented 2026-02-08 21:06:01 +01:00
Collaborator
Copy Link

Zeroes the intermediate []byte slice after copying into the memguard.LockedBuffer to prevent decrypted secrets from lingering in unprotected heap memory.

Zeroes the intermediate `[]byte` slice after copying into the `memguard.LockedBuffer` to prevent decrypted secrets from lingering in unprotected heap memory.
sneak was assigned by clawbot 2026-02-08 21:06:01 +01:00
clawbot added 1 commit 2026-02-08 21:06:02 +01:00 
The decrypted data from io.ReadAll was copied into a memguard
LockedBuffer but the original byte slice was never zeroed, leaving
plaintext in swappable, dumpable heap memory.
sneak merged commit 6ffb24b544 into main 2026-02-09 02:18:06 +01:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bot

Agent's turn to work

  
merge-ready

   
needs-checks

   
needs-rebase

   
needs-review

   
needs-rework
No Label
bot
merge-ready
needs-checks
needs-rebase
needs-review
needs-rework
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
sneak
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: sneak/secret#10
No description provided.
Delete Branch "clawbot/secret:fix/issue-5"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?