From 1f2409e9e2c15e1b96c2bcb3d7bfd77091b2a504 Mon Sep 17 00:00:00 2001
From: stoffu <stoffu@protonmail.ch>
Date: Thu, 16 Aug 2018 22:08:58 +0900
Subject: Do memwipe for critical secret keys copied to rct::key

---
 src/multisig/multisig.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src/multisig/multisig.cpp')

diff --git a/src/multisig/multisig.cpp b/src/multisig/multisig.cpp
index d85c47772..a0a788b7d 100644
--- a/src/multisig/multisig.cpp
+++ b/src/multisig/multisig.cpp
@@ -47,9 +47,12 @@ namespace cryptonote
   crypto::secret_key get_multisig_blinded_secret_key(const crypto::secret_key &key)
   {
     rct::keyV data;
+    data.reserve(2);
     data.push_back(rct::sk2rct(key));
     data.push_back(multisig_salt);
-    return rct::rct2sk(rct::hash_to_scalar(data));
+    crypto::secret_key result = rct::rct2sk(rct::hash_to_scalar(data));
+    memwipe(&data[0], sizeof(rct::key));
+    return result;
   }
   //-----------------------------------------------------------------
   void generate_multisig_N_N(const account_keys &keys, const std::vector<crypto::public_key> &spend_keys, std::vector<crypto::secret_key> &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey)
-- 
cgit v1.2.3