key: clear out secret data in DecodeExtKey

theStack · theStack · commit 559a8dd9c0aa · 2024-10-27T15:38:54.000+01:00
Same as in `DecodeSecret`, we should also clear out the secret data from the vector resulting from the Base58Check parsing for xprv keys. Note that the if condition is needed in order to avoid UB, see bitcoin#14242 (commit d855e4c).
diff --git a/src/key_io.cpp b/src/key_io.cpp
@@ -274,6 +274,9 @@ CExtKey DecodeExtKey(const std::string& str)
             key.Decode(data.data() + prefix.size());
         }
     }
+    if (!data.empty()) {
+        memory_cleanse(data.data(), data.size());
+    }
     return key;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -274,6 +274,9 @@ CExtKey DecodeExtKey(const std::string& str)`
`274`	`274`	`key.Decode(data.data() + prefix.size());`
`275`	`275`	`}`
`276`	`276`	`}`
	`277`	`+ if (!data.empty()) {`
	`278`	`+ memory_cleanse(data.data(), data.size());`
	`279`	`+ }`
`277`	`280`	`return key;`
`278`	`281`	`}`
`279`	`282`