From b084b651afde7e98a9404b3a77bd41d7d500b95c Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@gmail.com>
Date: Thu, 7 May 2020 15:57:56 +0200
Subject: [PATCH] wipe memory when setting a new password

---
 .../org/cryptomator/ui/unlock/UnlockController.java    | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockController.java b/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockController.java
index 8aa39c77d..38e41323c 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockController.java
@@ -21,6 +21,7 @@ import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
 import javax.inject.Named;
+import java.util.Arrays;
 import java.util.Optional;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicReference;
@@ -78,11 +79,14 @@ public class UnlockController implements FxController {
 	public void unlock() {
 		LOG.trace("UnlockController.unlock()");
 		CharSequence pwFieldContents = passwordField.getCharacters();
-		char[] pw = new char[pwFieldContents.length()];
+		char[] newPw = new char[pwFieldContents.length()];
 		for (int i = 0; i < pwFieldContents.length(); i++) {
-			pw[i] = pwFieldContents.charAt(i);
+			newPw[i] = pwFieldContents.charAt(i);
+		}
+		char[] oldPw = password.getAndSet(newPw);
+		if (oldPw != null) {
+			Arrays.fill(oldPw, ' ');
 		}
-		password.set(pw);
 		passwordEntryLock.interacted(UnlockModule.PasswordEntry.PASSWORD_ENTERED);
 	}