Merge bitcoin#31166: key: clear out secret data in DecodeExtKey

achow101 · knst · commit 75484e8ccf95 · 2025-10-23T03:41:01.000+07:00
559a8dd key: clear out secret data in `DecodeExtKey` (Sebastian Falbesoner) Pull request description: Same as in `DecodeSecret`, we should also clear out the secret data from the vector resulting from the Base58Check parsing for xprv keys. Note that the if condition is needed in order to avoid UB, see bitcoin#14242 (commit d855e4c). ACKs for top commit: davidgumberg: utACK bitcoin@559a8dd achow101: ACK 559a8dd tdb3: cr ACK 559a8dd laanwj: Code review ACK 559a8dd Tree-SHA512: c22499fe2899a9a5a58159ec55e94cf961570d8af06358d4a6d1943d567be9b88657af90d060d3083985ea957886a4f91bb762a2fcf3311007e7a535b42b0fde
diff --git a/src/key_io.cpp b/src/key_io.cpp
@@ -134,6 +134,9 @@ CExtKey DecodeExtKey(const std::string& str)
             key.Decode(data.data() + prefix.size());
         }
     }
+    if (!data.empty()) {
+        memory_cleanse(data.data(), data.size());
+    }
     return key;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -134,6 +134,9 @@ CExtKey DecodeExtKey(const std::string& str)`
`134`	`134`	`key.Decode(data.data() + prefix.size());`
`135`	`135`	`}`
`136`	`136`	`}`
	`137`	`+ if (!data.empty()) {`
	`138`	`+ memory_cleanse(data.data(), data.size());`
	`139`	`+ }`
`137`	`140`	`return key;`
`138`	`141`	`}`
`139`	`142`