From 1eeca53812f45299545b5b218a290ffd3a54b4ed Mon Sep 17 00:00:00 2001
From: Michael Eischer
Date: Mon, 4 Jan 2021 19:11:42 +0100
Subject: [PATCH] Try to zero htpasswd cache entries before deletion
---
 htpasswd.go | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/htpasswd.go b/htpasswd.go
index 3e257ef..af27147 100644
--- a/htpasswd.go
+++ b/htpasswd.go
@@ -120,8 +120,11 @@ func (h *HtpasswdFile) expiryTimer() {
 time.Sleep(5 * time.Second)
 now := time.Now()
 h.mutex.Lock()
+ var zeros [sha256.Size]byte
+ // try to wipe expired cache entries
 for user, entry := range h.cache {
 if entry.expiry.After(now) {
+ copy(entry.verifier, zeros[:])
 delete(h.cache, user)
 }
 }
@@ -159,7 +162,13 @@ func (h *HtpasswdFile) Reload() error {
 // Replace the Users map
 h.mutex.Lock()
+ var zeros [sha256.Size]byte
+ // try to wipe the old cache entries
+ for _, entry := range h.cache {
+ copy(entry.verifier, zeros[:])
+ }
 h.cache = make(map[string]cacheEntry)
+
 h.users = users
 h.mutex.Unlock()
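Review bot: The new `copy(entry.verifier, zeros[:])` in expiryTimer runs under `if entry.expiry.After(now)`, which is true for entries whose expiry is still in the future, while the added comment says it wipes expired entries. If `expiry` is the time an entry stops being valid (the name suggests so, but the field's definition is outside the hunk), each pass wipes and evicts live entries and never zeroes or removes the expired ones, so their verifiers stay in memory. The condition predates this commit, but the wipe now depends on it; `if now.After(entry.expiry) {` would match the comment. The function body starts and ends outside the hunk.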
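Review bot: In Reload, `copy(entry.verifier, zeros[:])` clears at most `sha256.Size` bytes, so the whole verifier is zeroed only if that slice is never longer than a SHA-256 digest; the identical line added in expiryTimer has the same coupling. The verifier's type and how it is filled are not visible here, so this may hold today, but `for i := range entry.verifier { entry.verifier[i] = 0 }` wipes the full slice whatever its length and makes the `zeros` buffer unnecessary. Putting that loop in one small helper called from both places would keep the two wipe sites from drifting apart. Because the bytes are zeroed in place, any code that copied an entry out of the cache before this lock was taken would see the wiped data, which is worth a comment such as `// verifier is wiped in place; do not use an entry after releasing h.mutex`.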