[wallet] Securely erase potentially sensitive keys/values

Github-Pull: #10308 Rebased-From: 6c914ac176
2026-01-21 15:50:07 +01:00 · 2017-03-23 14:07:51 -07:00
parent ff13f592c5
commit 28b8b8b603
2 changed files with 22 additions and 20 deletions
--- a/src/support/cleanse.h
+++ b/src/support/cleanse.h
@@ -8,6 +8,7 @@

 #include <stdlib.h>

+// Attempt to overwrite data in the specified memory span.
 void memory_cleanse(void *ptr, size_t len);

 #endif // BITCOIN_SUPPORT_CLEANSE_H
--- a/src/wallet/db.h
+++ b/src/wallet/db.h
@@ -126,22 +126,23 @@ protected:
        Dbt datValue;
        datValue.set_flags(DB_DBT_MALLOC);
        int ret = pdb->get(activeTxn, &datKey, &datValue, 0);
-        memset(datKey.get_data(), 0, datKey.get_size());
-        if (datValue.get_data() == NULL)
-            return false;
+        memory_cleanse(datKey.get_data(), datKey.get_size());
+        bool success = false;
+        if (datValue.get_data() != NULL) {
+            // Unserialize value
+            try {
+                CDataStream ssValue((char*)datValue.get_data(), (char*)datValue.get_data() + datValue.get_size(), SER_DISK, CLIENT_VERSION);
+                ssValue >> value;
+                success = true;
+            } catch (const std::exception&) {
+                // In this case success remains 'false'
+            }

-        // Unserialize value
-        try {
-            CDataStream ssValue((char*)datValue.get_data(), (char*)datValue.get_data() + datValue.get_size(), SER_DISK, CLIENT_VERSION);
-            ssValue >> value;
-        } catch (const std::exception&) {
-            return false;
+            // Clear and free memory
+            memory_cleanse(datValue.get_data(), datValue.get_size());
+            free(datValue.get_data());
        }
-
-        // Clear and free memory
-        memset(datValue.get_data(), 0, datValue.get_size());
-        free(datValue.get_data());
-        return (ret == 0);
+        return ret == 0 && success;
    }

    template <typename K, typename T>
@@ -168,8 +169,8 @@ protected:
        int ret = pdb->put(activeTxn, &datKey, &datValue, (fOverwrite ? 0 : DB_NOOVERWRITE));

        // Clear memory in case it was a private key
-        memset(datKey.get_data(), 0, datKey.get_size());
-        memset(datValue.get_data(), 0, datValue.get_size());
+        memory_cleanse(datKey.get_data(), datKey.get_size());
+        memory_cleanse(datValue.get_data(), datValue.get_size());
        return (ret == 0);
    }

@@ -191,7 +192,7 @@ protected:
        int ret = pdb->del(activeTxn, &datKey, 0);

        // Clear memory
-        memset(datKey.get_data(), 0, datKey.get_size());
+        memory_cleanse(datKey.get_data(), datKey.get_size());
        return (ret == 0 || ret == DB_NOTFOUND);
    }

@@ -211,7 +212,7 @@ protected:
        int ret = pdb->exists(activeTxn, &datKey, 0);

        // Clear memory
-        memset(datKey.get_data(), 0, datKey.get_size());
+        memory_cleanse(datKey.get_data(), datKey.get_size());
        return (ret == 0);
    }

@@ -254,8 +255,8 @@ protected:
        ssValue.write((char*)datValue.get_data(), datValue.get_size());

        // Clear and free memory
-        memset(datKey.get_data(), 0, datKey.get_size());
-        memset(datValue.get_data(), 0, datValue.get_size());
+        memory_cleanse(datKey.get_data(), datKey.get_size());
+        memory_cleanse(datValue.get_data(), datValue.get_size());
        free(datKey.get_data());
        free(datValue.get_data());
        return 0;