From 9a40d38ad81d616ea58ef4508a02338991c82cab Mon Sep 17 00:00:00 2001 From: Pierre-Olivier Mercier Date: Wed, 29 Apr 2026 14:59:53 +0700 Subject: [PATCH] hidden: wipe SSID buffer and entry on dialog close Mirror the passphrase handling so the heap is consistent: explicit_bzero the strdup'd SSID before free, and clear the SSID entry widget alongside the passphrase entry. SSIDs aren't secret per se, but leaving identifiable network names in freed memory after a hidden-network prompt is avoidable. --- src/ui/wifi_hidden.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/ui/wifi_hidden.c b/src/ui/wifi_hidden.c index 3070944..e6b9252 100644 --- a/src/ui/wifi_hidden.c +++ b/src/ui/wifi_hidden.c @@ -41,7 +41,15 @@ _finish(Hidden_Ctx *c, Eina_Bool ok) explicit_bzero(pass, strlen(pass)); free(pass); } - free(ssid); + /* SSIDs aren't secret, but wiping keeps the heap consistent with the + * passphrase handling and avoids leaving identifiable network names in + * freed memory after a hidden-network prompt. */ + if (ssid) + { + explicit_bzero(ssid, strlen(ssid)); + free(ssid); + } + if (c->e_ssid) elm_entry_entry_set(c->e_ssid, ""); if (c->e_pass) elm_entry_entry_set(c->e_pass, ""); if (c->win) evas_object_del(c->win); free(c);