From 4f7d15508f6d6f27d73f4f439a8be00e307162e0 Mon Sep 17 00:00:00 2001
From: Daira Hopwood
Date: Sun, 9 Jan 2022 23:54:35 +0000
Subject: [PATCH 1/2] Avoid a warning by explicitly calling drop.
Signed-off-by: Daira Hopwood
---
 src/rust/src/zip339_ffi.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/rust/src/zip339_ffi.rs b/src/rust/src/zip339_ffi.rs
index eeafa5bcd..852c10921 100644
--- a/src/rust/src/zip339_ffi.rs
+++ b/src/rust/src/zip339_ffi.rs
@@ -63,7 +63,7 @@ pub extern "C" fn zip339_free_phrase(phrase: *const c_char) {
 if !phrase.is_null() {
 unsafe {
 // It is correct to cast away const here; the memory is not actually immutable.
- CString::from_raw(phrase as *mut c_char);
+ drop(CString::from_raw(phrase as *mut c_char));
 }
 }
 }
From 0e073a53ee9da8b832602774a431f9db249af9ce Mon Sep 17 00:00:00 2001
From: Daira Hopwood
Date: Mon, 10 Jan 2022 02:39:25 +0000
Subject: [PATCH 2/2] Replace call to drop with zeroization.
Signed-off-by: Daira Hopwood
---
 Cargo.lock | 1 +
 Cargo.toml | 1 +
 src/rust/src/zip339_ffi.rs | 5 ++++-
 3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/Cargo.lock b/Cargo.lock
index 72c516709..3398f845f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -815,6 +815,7 @@ dependencies = [
 "zcash_note_encryption",
 "zcash_primitives",
 "zcash_proofs",
+ "zeroize",
 ]
 [[package]]
diff --git a/Cargo.toml b/Cargo.toml
index 6d9428b95..ff661db05 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -49,6 +49,7 @@ zcash_note_encryption = "0.1"
 zcash_primitives = "0.5"
 zcash_proofs = "0.5"
 ed25519-zebra = "3"
+zeroize = "1.4.2"
 # Metrics
 hyper = { version = "=0.14.2", default-features = false, features = ["server", "tcp", "http1"] }
diff --git a/src/rust/src/zip339_ffi.rs b/src/rust/src/zip339_ffi.rs
index 852c10921..32005c2db 100644
--- a/src/rust/src/zip339_ffi.rs
+++ b/src/rust/src/zip339_ffi.rs
@@ -4,6 +4,7 @@ use std::{
 ffi::{CStr, CString},
 ptr, slice,
 };
+use zeroize::Zeroize;
 use zcash_primitives::zip339;
@@ -63,7 +64,9 @@ pub extern "C" fn zip339_free_phrase(phrase: *const c_char) {
 if !phrase.is_null() {
 unsafe {
 // It is correct to cast away const here; the memory is not actually immutable.
- drop(CString::from_raw(phrase as *mut c_char));
+ CString::from_raw(phrase as *mut c_char)
+ .into_bytes()
+ .zeroize();
 }
 }
 }
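Review bot: The wipe in `zip339_free_phrase` depends on two preconditions that the `unsafe` block does not record: `phrase` must have come from `CString::into_raw` on the Rust side, and the C caller must not have shortened the string, because `CString::from_raw` recomputes the length by scanning for the NUL. If a caller wrote an earlier NUL into the buffer, the bytes after it would presumably not be zeroized, and the allocation would be released with a length that differs from the one it was created with. I would add a `// SAFETY:` comment next to the existing const-cast comment stating both requirements. I would also add `// Wipe the phrase before the allocation is released; the temporary Vec is freed at the end of this statement.` above the call so that the chain is not later simplified back to a plain `drop`.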