From e1c6dc70ab90716b57ab992352618ad17343229f Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Tue, 13 Dec 2022 18:41:19 +0800
Subject: [PATCH] zeroize traffic buffers at drop

---
 src/traffic.rs | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/traffic.rs b/src/traffic.rs
index 850524c..4324c1f 100644
--- a/src/traffic.rs
+++ b/src/traffic.rs
@@ -290,7 +290,13 @@ impl<'a> TrafIn<'a> {
             _ => ()
         }
     }
+}
 
+impl<'a> Drop for TrafIn<'a> {
+    fn drop(&mut self) {
+        // clear any decrypted content
+        self.buf.zeroize()
+    }
 }
 
 impl<'a> TrafOut<'a> {
@@ -399,6 +405,13 @@ impl<'a> TrafOut<'a> {
 
 }
 
+impl<'a> Drop for TrafOut<'a> {
+    fn drop(&mut self) {
+        // clear any pre-encryption content
+        self.buf.zeroize()
+    }
+}
+
 /// Convenience to pass TrafOut with keys
 pub(crate) struct TrafSend<'s, 'a> {
     out: &'s mut TrafOut<'a>,
-- 
GitLab