From f998ac628685c6459d5de3bd7469f9046901fc47 Mon Sep 17 00:00:00 2001
From: Sebastian Falbesoner <sebastian.falbesoner@gmail.com>
Date: Sun, 27 Oct 2024 15:31:48 +0100
Subject: [PATCH] key: clear out secret data in `DecodeExtKey`

Same as in `DecodeSecret`, we should also clear out the secret data from
the vector resulting from the Base58Check parsing for xprv keys. Note
that the if condition is needed in order to avoid UB, see #14242 (commit
d855e4cac8303ad4e34ac31cfa7634286589ce99).

Github-Pull: #31166
Rebased-From: 559a8dd9c0aafcecf00f9ccd9aabe5720bcebe8c
---
 src/key_io.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/key_io.cpp b/src/key_io.cpp
index 29002afc457eb..6cece47e41039 100644
--- a/src/key_io.cpp
+++ b/src/key_io.cpp
@@ -274,6 +274,9 @@ CExtKey DecodeExtKey(const std::string& str)
             key.Decode(data.data() + prefix.size());
         }
     }
+    if (!data.empty()) {
+        memory_cleanse(data.data(), data.size());
+    }
     return key;
 }