wipe memory when setting a new password

2026-05-17 18:21:26 +00:00 · 2020-05-07 15:57:56 +02:00
parent fecf9c0423
commit b084b651af
1 changed files with 7 additions and 3 deletions
--- a/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockController.java
@@ -21,6 +21,7 @@ import org.slf4j.LoggerFactory;

 import javax.inject.Inject;
 import javax.inject.Named;
+import java.util.Arrays;
 import java.util.Optional;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicReference;
@@ -78,11 +79,14 @@ public class UnlockController implements FxController {
 	public void unlock() {
 		LOG.trace("UnlockController.unlock()");
 		CharSequence pwFieldContents = passwordField.getCharacters();
-		char[] pw = new char[pwFieldContents.length()];
+		char[] newPw = new char[pwFieldContents.length()];
 		for (int i = 0; i < pwFieldContents.length(); i++) {
-			pw[i] = pwFieldContents.charAt(i);
+			newPw[i] = pwFieldContents.charAt(i);
+		}
+		char[] oldPw = password.getAndSet(newPw);
+		if (oldPw != null) {
+			Arrays.fill(oldPw, ' ');
 		}
-		password.set(pw);
 		passwordEntryLock.interacted(UnlockModule.PasswordEntry.PASSWORD_ENTERED);
 	}