Mirror the passphrase handling so the heap is consistent: explicit_bzero
the strdup'd SSID before free, and clear the SSID entry widget alongside
the passphrase entry. SSIDs aren't secret per se, but leaving identifiable
network names in freed memory after a hidden-network prompt is avoidable.
Wipe passphrase memory in the auth and hidden-network dialogs (explicit_bzero
on owned copies plus overwriting the elm_entry buffer before destruction) so
secrets don't linger on the heap. Bind the hidden-network passphrase stash to
its SSID with a 30s timeout, so a typo'd or out-of-range hidden connect can't
leak its passphrase to an unrelated network whose RequestPassphrase happens
to land first. Re-RegisterAgent on iwd NameOwnerChanged so PSK connects
survive systemctl restart iwd instead of silently hanging.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Modal SSID + optional passphrase prompt with the same callback shape as
wifi_auth_prompt. Used by the upcoming popup "Hidden..." button.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
