fix(settings): securely wipe the exported private key (no heap-lingering secret)
The Export Private Key dialog held the exported spending key in a plain std::string cleared only with .clear() — never sodium_memzero'd — and on outside-click/Esc the overlay's early return skipped even that, so the secret lingered in freed heap. Hold it in a fixed char[256] and sodium_memzero on every close path (Close button, outside-click/Esc early return, address change). Guard the async export callback so it can't populate the buffer after the dialog closed. Standalone security fix ahead of the settings-modal redesign (Phase 0a); the dialog's full restyle is Phase 2. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -808,7 +808,7 @@ private:
|
||||
size_t daemon_output_offset_ = 0; // for incremental output parsing (rescan detection)
|
||||
|
||||
// Export/Import state
|
||||
std::string export_result_;
|
||||
char export_result_[256] = {0}; // SECRET exported key — fixed buffer so it can be sodium_memzero'd
|
||||
char import_key_input_[512] = {0};
|
||||
std::string export_address_;
|
||||
std::string import_status_;
|
||||
|
||||
Reference in New Issue
Block a user