timoreo/olm
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

zero out plaintext buffers

Browse source 
Avoid leaving copies of the plaintext sitting around in the emscripten heap.
This commit is contained in:
Richard van der Hoff 2016-12-15 13:37:34 +00:00
parent 76610c0a3a
commit 8356fa37ad
3 changed files with 23 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
javascript/olm_inbound_group_session.js
View file

@ -64,7 +64,7 @@ InboundGroupSession.prototype['create'] = restore_stack(function(session_key) {
InboundGroupSession.prototype['decrypt'] = restore_stack(function( InboundGroupSession.prototype['decrypt'] = restore_stack(function(
message message
) { ) {
var message_buffer, plaintext_buffer; var message_buffer, plaintext_buffer, plaintext_length;
try { try {
message_buffer = malloc(message.length); message_buffer = malloc(message.length);
@ -80,7 +80,7 @@ InboundGroupSession.prototype['decrypt'] = restore_stack(function(
plaintext_buffer = malloc(max_plaintext_length + NULL_BYTE_PADDING_LENGTH); plaintext_buffer = malloc(max_plaintext_length + NULL_BYTE_PADDING_LENGTH);
var message_index = stack(4); var message_index = stack(4);
var plaintext_length = inbound_group_session_method( plaintext_length = inbound_group_session_method(
Module["_olm_group_decrypt"] Module["_olm_group_decrypt"]
)( )(
this.ptr, this.ptr,
@ -105,6 +105,8 @@ InboundGroupSession.prototype['decrypt'] = restore_stack(function(
free(message_buffer); free(message_buffer);
} }
if (plaintext_buffer !== undefined) { if (plaintext_buffer !== undefined) {
// don't leave a copy of the plaintext in the heap.
bzero(plaintext_buffer, plaintext_length + NULL_BYTE_PADDING_LENGTH);
free(plaintext_buffer); free(plaintext_buffer);
} }
} }

6
javascript/olm_outbound_group_session.js
View file

@ -64,9 +64,9 @@ OutboundGroupSession.prototype['create'] = restore_stack(function() {
}); });
OutboundGroupSession.prototype['encrypt'] = function(plaintext) { OutboundGroupSession.prototype['encrypt'] = function(plaintext) {
var plaintext_buffer, message_buffer; var plaintext_buffer, message_buffer, plaintext_length;
try { try {
var plaintext_length = Module['lengthBytesUTF8'](plaintext); plaintext_length = Module['lengthBytesUTF8'](plaintext);
var message_length = outbound_group_session_method( var message_length = outbound_group_session_method(
Module['_olm_group_encrypt_message_length'] Module['_olm_group_encrypt_message_length']
@ -86,6 +86,8 @@ OutboundGroupSession.prototype['encrypt'] = function(plaintext) {
return Module['UTF8ToString'](message_buffer); return Module['UTF8ToString'](message_buffer);
} finally { } finally {
if (plaintext_buffer !== undefined) { if (plaintext_buffer !== undefined) {
// don't leave a copy of the plaintext in the heap.
bzero(plaintext_buffer, plaintext_length + 1);
free(plaintext_buffer); free(plaintext_buffer);
} }
if (message_buffer !== undefined) { if (message_buffer !== undefined) {

19
javascript/olm_post.js
View file

@ -42,6 +42,13 @@ function restore_stack(wrapped) {
} }
} }
/* set a memory area to zero */
function bzero(ptr, n) {
while(n-- > 0) {
Module['HEAP8'][ptr++] = 0;
}
}
function Account() { function Account() {
var size = Module['_olm_account_size'](); var size = Module['_olm_account_size']();
this.buf = malloc(size); this.buf = malloc(size);
@ -299,7 +306,7 @@ Session.prototype['matches_inbound_from'] = restore_stack(function(
Session.prototype['encrypt'] = restore_stack(function( Session.prototype['encrypt'] = restore_stack(function(
plaintext plaintext
) { ) {
var plaintext_buffer, message_buffer; var plaintext_buffer, message_buffer, plaintext_length;
try { try {
var random_length = session_method( var random_length = session_method(
Module['_olm_encrypt_random_length'] Module['_olm_encrypt_random_length']
@ -308,7 +315,7 @@ Session.prototype['encrypt'] = restore_stack(function(
Module['_olm_encrypt_message_type'] Module['_olm_encrypt_message_type']
)(this.ptr); )(this.ptr);
var plaintext_length = Module['lengthBytesUTF8'](plaintext); plaintext_length = Module['lengthBytesUTF8'](plaintext);
var message_length = session_method( var message_length = session_method(
Module['_olm_encrypt_message_length'] Module['_olm_encrypt_message_length']
)(this.ptr, plaintext_length); )(this.ptr, plaintext_length);
@ -334,6 +341,8 @@ Session.prototype['encrypt'] = restore_stack(function(
}; };
} finally { } finally {
if (plaintext_buffer !== undefined) { if (plaintext_buffer !== undefined) {
// don't leave a copy of the plaintext in the heap.
bzero(plaintext_buffer, plaintext_length + 1);
free(plaintext_buffer); free(plaintext_buffer);
} }
if (message_buffer !== undefined) { if (message_buffer !== undefined) {
@ -345,13 +354,13 @@ Session.prototype['encrypt'] = restore_stack(function(
Session.prototype['decrypt'] = restore_stack(function( Session.prototype['decrypt'] = restore_stack(function(
message_type, message message_type, message
) { ) {
var message_buffer, plaintext_buffer; var message_buffer, plaintext_buffer, max_pliantext_length;
try { try {
message_buffer = malloc(message.length); message_buffer = malloc(message.length);
Module['writeAsciiToMemory'](message, message_buffer, true); Module['writeAsciiToMemory'](message, message_buffer, true);
var max_plaintext_length = session_method( max_plaintext_length = session_method(
Module['_olm_decrypt_max_plaintext_length'] Module['_olm_decrypt_max_plaintext_length']
)(this.ptr, message_type, message_buffer, message.length); )(this.ptr, message_type, message_buffer, message.length);
@ -379,6 +388,8 @@ Session.prototype['decrypt'] = restore_stack(function(
free(message_buffer); free(message_buffer);
} }
if (plaintext_buffer !== undefined) { if (plaintext_buffer !== undefined) {
// don't leave a copy of the plaintext in the heap.
bzero(plaintext_buffer, max_plaintext_length + NULL_BYTE_PADDING_LENGTH);
free(plaintext_buffer); free(plaintext_buffer);
} }
} }