From 549508296d5824093d22eccb3af5976c325c6329 Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Thu, 26 Oct 2017 10:21:06 +0100
Subject: [PATCH] use memwipe in a few relevant places

---
 src/common/password.cpp | 7 +++++--
 src/crypto/chacha8.h    | 5 +++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/common/password.cpp b/src/common/password.cpp
index 5d56464a5..01eaf62e1 100644
--- a/src/common/password.cpp
+++ b/src/common/password.cpp
@@ -46,6 +46,8 @@
   #include "readline_buffer.h"
 #endif
 
+#include "common/memwipe.h"
+
 namespace
 {
 #if defined(_WIN32)
@@ -163,8 +165,9 @@ namespace
 
   void clear(std::string& pass) noexcept
   {
-    //! TODO Call a memory wipe function that hopefully is not optimized out
-    pass.replace(0, pass.capacity(), pass.capacity(), '\0');
+    // technically, the std::string documentation says the data should not be modified,
+    // but there seems to be no way to get a non const raw pointer to the data
+    memwipe((void*)pass.data(), pass.size());
     pass.clear();
   }
 
diff --git a/src/crypto/chacha8.h b/src/crypto/chacha8.h
index 80557e9f5..1bf695731 100644
--- a/src/crypto/chacha8.h
+++ b/src/crypto/chacha8.h
@@ -39,6 +39,7 @@
 #if defined(__cplusplus)
 #include <memory.h>
 
+#include "common/memwipe.h"
 #include "hash.h"
 
 namespace crypto {
@@ -54,7 +55,7 @@ namespace crypto {
 
     ~chacha8_key()
     {
-      memset(data, 0, sizeof(data));
+      memwipe(data, sizeof(data));
     }
   };
 
@@ -75,7 +76,7 @@ namespace crypto {
     char pwd_hash[HASH_SIZE];
     crypto::cn_slow_hash(data, size, pwd_hash);
     memcpy(&key, pwd_hash, sizeof(key));
-    memset(pwd_hash, 0, sizeof(pwd_hash));
+    memwipe(pwd_hash, sizeof(pwd_hash));
   }
 
   inline void generate_chacha8_key(std::string password, chacha8_key& key) {