authorJakob Unterwurzacher2018-02-18 15:33:35 +0100
committerJakob Unterwurzacher2018-02-18 15:36:14 +0100
commitadf7d75d31889e2dbd52c15efdecf3a8304c0bc1 (patch)
tree98d42397b506c5d05bdfd1bb4155b3907f45c40a
parent2cf050d69e9cab45015619e48ea96993129bab44 (diff)
main: changePassword: zero masterkey
Overwrite the masterkey with zeros once we have encrypted it, and let it run out of scope. Also get rid of the password duplicate in readpassword.Twice.
-rw-r--r--internal/readpassword/read.go4
-rw-r--r--main.go19
2 files changed, 17 insertions, 6 deletions
diff --git a/internal/readpassword/read.go b/internal/readpassword/read.go
index 047eba9..e2fce8a 100644
--- a/internal/readpassword/read.go
+++ b/internal/readpassword/read.go
@@ -49,6 +49,10 @@ func Twice(extpass string) []byte {
tlog.Fatal.Println("Passwords do not match")
os.Exit(exitcodes.ReadPassword)
}
+ // Wipe the password duplicate from memory
+ for i := range p2 {
+ p2[i] = 0
+ }
return p1
}
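Review bot: The wipe added before `return p1` runs only when the two passwords match; the mismatch branch directly above reaches `os.Exit(exitcodes.ReadPassword)` with p2 (and presumably p1) still holding what the user typed. The exposure is small because the process ends there, but if the aim is to never leave password bytes behind, zero both slices before that exit as well. Twice also hands p1 back to the caller without saying who must clear it; a line on the doc comment such as `// The caller owns the returned slice and must overwrite it with zeros after use.` would make that contract explicit. The start of Twice is outside this hunk, so how p1 and p2 are filled is not visible here.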
diff --git a/main.go b/main.go
index ddb4f4e..1e1de11 100644
--- a/main.go
+++ b/main.go
@@ -61,20 +61,27 @@ func loadConfig(args *argContainer) (masterkey []byte, confFile *configfile.Conf
}
// changePassword - change the password of config file "filename"
+// Does not return (calls os.Exit both on success and on error).
func changePassword(args *argContainer) {
- masterkey, confFile, err := loadConfig(args)
- if err != nil {
- exitcodes.Exit(err)
- }
- tlog.Info.Println("Please enter your new password.")
+ var confFile *configfile.ConfFile
+ var err error
{
+ var masterkey []byte
+ masterkey, confFile, err = loadConfig(args)
+ if err != nil {
+ exitcodes.Exit(err)
+ }
+ tlog.Info.Println("Please enter your new password.")
newPw := readpassword.Twice(args.extpass)
readpassword.CheckTrailingGarbage()
confFile.EncryptKey(masterkey, newPw, confFile.ScryptObject.LogN())
for i := range newPw {
newPw[i] = 0
}
- // newPw runs out of scope here
+ for i := range masterkey {
+ masterkey[i] = 0
+ }
+ // masterkey and newPw run out of scope here
}
// Are we resetting the password without knowing the old one using
// "-masterkey"?
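Review bot: The new `for i := range masterkey` loop is reached only if `readpassword.Twice` and `readpassword.CheckTrailingGarbage` return, while the masterkey is already decrypted and in memory for the whole interactive prompt. The read.go hunk shows Twice calling `os.Exit` on a password mismatch, so on that path the key is never overwritten; CheckTrailingGarbage may behave the same way, which is not visible here. Worth stating next to the block, e.g. `// NOTE: Twice may call os.Exit; masterkey is not wiped on that path.` As a style point, this commit now contains three copies of the same zeroing loop (p2, newPw, masterkey); a small shared helper taking a `[]byte` would keep the wipes uniform and easier to audit. changePassword continues past the end of this hunk.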