Doesn't zero password memory when terminal reset fails

conradkleinespel / rpassword

Cross platform Rust library to read a password in the terminal (Linux, BSD, OSX, Windows, WASM).

Apache License 2.0

243 stars 38 forks source link

Doesn't zero password memory when terminal reset fails #41

Closed tov closed 4 years ago

tov commented 4 years ago

In particular, see the error path here, which bails out before zeroing. I’m about to submit a PR that fixes this in a principled and robust (I think!) way.

conradkleinespel commented 4 years ago

Hi @tov ! Thanks for reporting this. I've just reviewed #42, once you've had a look at my question I think we can merge this. Cheers!