From 8f45661cba372b96d673ba9437cb9e359b59b3e5 Mon Sep 17 00:00:00 2001
From: kozyilmaz
Date: Tue, 16 Jun 2026 11:21:04 +0300
Subject: [PATCH] Make container_cleaner empty-safe

container_cleaner's destructor wiped its buffer with OPENSSL_cleanse(&_secret[0], _secret.size()). On an empty std::vector, &_secret[0] is out-of-bounds operator[] -- undefined behaviour, and a hardened build (_GLIBCXX_ASSERTIONS) or UBSan aborts on it (the std::string case is benign only by the s[0]==NUL special case). Guard on empty and take the address via data() instead of &_secret[0]: 'if (!_secret.empty()) OPENSSL_cleanse(_secret.data(), _secret.size());' No behaviour change when non-empty; a clean no-op when empty.

Signed-off-by: kozyilmaz
---
 include/utils/string_utils.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/utils/string_utils.h b/include/utils/string_utils.h
index 7eb5ebc..543a8ff 100644
--- a/include/utils/string_utils.h
+++ b/include/utils/string_utils.h
@@ -15,7 +15,7 @@ class container_cleaner {
 public:
 [[nodiscard]] explicit container_cleaner(T& secret) : _secret(secret) {}
-~container_cleaner() {OPENSSL_cleanse(&_secret[0], _secret.size());}
+~container_cleaner() {if (!_secret.empty()) OPENSSL_cleanse(_secret.data(), _secret.size());}
 container_cleaner(const container_cleaner&) = delete;
 container_cleaner& operator=(const container_cleaner&) = delete;