Page MenuHomePhabricator

Zero out wallet master key upon lock
ClosedPublic

Authored by PiRK on Mar 14 2023, 12:02.

Details

Reviewers
Fabien
Group Reviewers
Restricted Project
Commits
rABC05238e31ba53: Zero out wallet master key upon lock
Summary

When an encrypted wallet is locked (for instance via the
RPC walletlock), the docs indicate that the key is
removed from memory. However, the vector (with a secure
allocator) is merely cleared. This allows the key to persist
indefinitely in memory. Instead, manually fill the bytes with
zeroes before clearing.

This is a backport of core#27080

Test Plan

ninja all check-all