fix(chat): tear down the chat session immediately on lite wallet lock
Security-review finding (low): on the lite variant, "Lock now" ran the backend `lock` but never updated state_.locked — that only refreshes on the next ~2s poll. Since chat teardown is driven by state_.isLocked() in maybeProvision ChatIdentity, the decrypted in-memory store, the chat identity secret key, and the seed-derived AEAD DB key all lingered in RAM for up to ~2s past an explicit lock (the full-node path closes this immediately, since App::lockWallet sets state_.locked synchronously). New App::lockLiteWallet() mirrors the full-node behavior: on a successful lite lock it sets state_.locked and tears down the chat session now (clearIdentity + store().clear() + chat_db_.lock() + re-arm). The lite "Lock now" button routes through it. (Note: the lite variant has no auto-lock at all — checkAutoLock -> App::lockWallet early-returns for lite — which is a separate, general lite gap.) Completes the end-to-end feature security review (1 confirmed finding of 3 raw, now fixed). Verified: Linux + Windows build with chat ON, ctest 100%, hygiene clean. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -1818,8 +1818,9 @@ void RenderSettingsPage(App* app) {
|
||||
} else {
|
||||
ImGui::SetCursorScreenPos(ImVec2(leftX, ImGui::GetCursorScreenPos().y));
|
||||
if (TactileButton(TrId("lite_lock_now", "LiteLock").c_str(), ImVec2(0, 0), S.resolveFont("button"))) {
|
||||
// Route through App so the chat session is torn down immediately on lock.
|
||||
s_settingsState.lite_encryption_status =
|
||||
app->liteWallet()->lockWallet() ? TR("lite_wallet_locked") : TR("lite_lock_failed");
|
||||
app->lockLiteWallet() ? TR("lite_wallet_locked") : TR("lite_lock_failed");
|
||||
}
|
||||
}
|
||||
ImGui::SetCursorScreenPos(ImVec2(leftX, ImGui::GetCursorScreenPos().y));
|
||||
|
||||
Reference in New Issue
Block a user