author | Jakob Unterwurzacher | 2018-02-18 12:42:22 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2018-02-18 12:42:22 +0100 |
commit | 5b5c7a0a5d73859f74d2151061593ba2f9f9cac7 (patch) | |
tree | aaf168d4e7e26c26fc30f8484f0286f11114b83e /init_dir.go | |
parent | bd78b44389189a57816f9d5be3e4c5fb3c73700f (diff) |
main: overwrite keys and let them run out of scope
As soon as we don't need them anymore, overwrite
keys with zeros. Make sure they run out of scope
so we don't create a risk of inadvertently using
all-zero keys for encryption.
https://github.com/rfjakob/gocryptfs/issues/211
Diffstat (limited to 'init_dir.go')
-rw-r--r-- | init_dir.go | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/init_dir.go b/init_dir.go
index 791f7d1..b13f741 100644
--- a/init_dir.go
+++ b/init_dir.go
@@ -36,13 +36,18 @@ func initDir(args *argContainer) {
 if args.extpass == "" {
 tlog.Info.Printf("Choose a password for protecting your files.")
 }
- password := readpassword.Twice(args.extpass)
- readpassword.CheckTrailingGarbage()
- creator := tlog.ProgramName + " " + GitVersion
- err = configfile.CreateConfFile(args.config, password, args.plaintextnames, args.scryptn, creator, args.aessiv, args.devrandom)
- if err != nil {
- tlog.Fatal.Println(err)
- os.Exit(exitcodes.WriteConf)
+ {
+ creator := tlog.ProgramName + " " + GitVersion
+ password := readpassword.Twice(args.extpass)
+ readpassword.CheckTrailingGarbage()
+ err = configfile.CreateConfFile(args.config, password, args.plaintextnames, args.scryptn, creator, args.aessiv, args.devrandom)
+ if err != nil {
+ tlog.Fatal.Println(err)
+ os.Exit(exitcodes.WriteConf)
+ }
+ // Note: cannot overwrite password because in Go, strings are
+ // read-only byte slices.
+ // password runs out of scope here
 }
 // Forward mode with filename encryption enabled needs a gocryptfs.diriv
 // in the root dir |
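Review bot: The new inner block limits where `password` can be referenced, but it does not shorten how long the secret stays in memory: Go's garbage collector does not zero a string's backing bytes when the variable leaves scope, so the password can remain in the process heap (and in swap or a core dump) after the closing brace. The last added comment should say so, for example `// password goes out of scope here; its bytes stay in memory until the GC reuses them`. To actually wipe it, `readpassword.Twice` and `configfile.CreateConfFile` would need to pass the password as a `[]byte` that is zeroed right after `CreateConfFile` returns; their signatures are not visible in this hunk, so treat that as a suggestion to confirm. initDir's body starts and ends outside the hunk.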