key: clear out secret data in DecodeExtKey

Same as in `DecodeSecret`, we should also clear out the secret data from the vector resulting from the Base58Check parsing for xprv keys. Note that the if condition is needed in order to avoid UB, see bitcoin#14242 (commit d855e4c). Github-Pull: bitcoin#31166 Rebased-From: 559a8dd
fanquake · Oct 31, 2024 · f998ac6 · f998ac6
1 parent 0773560
commit f998ac6
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/key_io.cpp b/src/key_io.cpp
@@ -274,6 +274,9 @@ CExtKey DecodeExtKey(const std::string& str)
             key.Decode(data.data() + prefix.size());
         }
     }
+    if (!data.empty()) {
+        memory_cleanse(data.data(), data.size());
+    }
     return key;
 }