From 559a8dd9c0aafcecf00f9ccd9aabe5720bcebe8c Mon Sep 17 00:00:00 2001
From: Sebastian Falbesoner <sebastian.falbesoner@gmail.com>
Date: Sun, 27 Oct 2024 15:31:48 +0100
Subject: [PATCH] key: clear out secret data in `DecodeExtKey`

Same as in `DecodeSecret`, we should also clear out the secret data from
the vector resulting from the Base58Check parsing for xprv keys. Note
that the if condition is needed in order to avoid UB, see #14242 (commit
d855e4cac8303ad4e34ac31cfa7634286589ce99).
---
 src/key_io.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/key_io.cpp b/src/key_io.cpp
index 29002afc457..6cece47e410 100644
--- a/src/key_io.cpp
+++ b/src/key_io.cpp
@@ -274,6 +274,9 @@ CExtKey DecodeExtKey(const std::string& str)
             key.Decode(data.data() + prefix.size());
         }
     }
+    if (!data.empty()) {
+        memory_cleanse(data.data(), data.size());
+    }
     return key;
 }