zero out plaintext buffers
Avoid leaving copies of the plaintext sitting around in the emscripten heap.
This commit is contained in:
parent
76610c0a3a
commit
8356fa37ad
3 changed files with 23 additions and 8 deletions
|
@ -64,7 +64,7 @@ InboundGroupSession.prototype['create'] = restore_stack(function(session_key) {
|
||||||
InboundGroupSession.prototype['decrypt'] = restore_stack(function(
|
InboundGroupSession.prototype['decrypt'] = restore_stack(function(
|
||||||
message
|
message
|
||||||
) {
|
) {
|
||||||
var message_buffer, plaintext_buffer;
|
var message_buffer, plaintext_buffer, plaintext_length;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
message_buffer = malloc(message.length);
|
message_buffer = malloc(message.length);
|
||||||
|
@ -80,7 +80,7 @@ InboundGroupSession.prototype['decrypt'] = restore_stack(function(
|
||||||
plaintext_buffer = malloc(max_plaintext_length + NULL_BYTE_PADDING_LENGTH);
|
plaintext_buffer = malloc(max_plaintext_length + NULL_BYTE_PADDING_LENGTH);
|
||||||
var message_index = stack(4);
|
var message_index = stack(4);
|
||||||
|
|
||||||
var plaintext_length = inbound_group_session_method(
|
plaintext_length = inbound_group_session_method(
|
||||||
Module["_olm_group_decrypt"]
|
Module["_olm_group_decrypt"]
|
||||||
)(
|
)(
|
||||||
this.ptr,
|
this.ptr,
|
||||||
|
@ -105,6 +105,8 @@ InboundGroupSession.prototype['decrypt'] = restore_stack(function(
|
||||||
free(message_buffer);
|
free(message_buffer);
|
||||||
}
|
}
|
||||||
if (plaintext_buffer !== undefined) {
|
if (plaintext_buffer !== undefined) {
|
||||||
|
// don't leave a copy of the plaintext in the heap.
|
||||||
|
bzero(plaintext_buffer, plaintext_length + NULL_BYTE_PADDING_LENGTH);
|
||||||
free(plaintext_buffer);
|
free(plaintext_buffer);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -64,9 +64,9 @@ OutboundGroupSession.prototype['create'] = restore_stack(function() {
|
||||||
});
|
});
|
||||||
|
|
||||||
OutboundGroupSession.prototype['encrypt'] = function(plaintext) {
|
OutboundGroupSession.prototype['encrypt'] = function(plaintext) {
|
||||||
var plaintext_buffer, message_buffer;
|
var plaintext_buffer, message_buffer, plaintext_length;
|
||||||
try {
|
try {
|
||||||
var plaintext_length = Module['lengthBytesUTF8'](plaintext);
|
plaintext_length = Module['lengthBytesUTF8'](plaintext);
|
||||||
|
|
||||||
var message_length = outbound_group_session_method(
|
var message_length = outbound_group_session_method(
|
||||||
Module['_olm_group_encrypt_message_length']
|
Module['_olm_group_encrypt_message_length']
|
||||||
|
@ -86,6 +86,8 @@ OutboundGroupSession.prototype['encrypt'] = function(plaintext) {
|
||||||
return Module['UTF8ToString'](message_buffer);
|
return Module['UTF8ToString'](message_buffer);
|
||||||
} finally {
|
} finally {
|
||||||
if (plaintext_buffer !== undefined) {
|
if (plaintext_buffer !== undefined) {
|
||||||
|
// don't leave a copy of the plaintext in the heap.
|
||||||
|
bzero(plaintext_buffer, plaintext_length + 1);
|
||||||
free(plaintext_buffer);
|
free(plaintext_buffer);
|
||||||
}
|
}
|
||||||
if (message_buffer !== undefined) {
|
if (message_buffer !== undefined) {
|
||||||
|
|
|
@ -42,6 +42,13 @@ function restore_stack(wrapped) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* set a memory area to zero */
|
||||||
|
function bzero(ptr, n) {
|
||||||
|
while(n-- > 0) {
|
||||||
|
Module['HEAP8'][ptr++] = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
function Account() {
|
function Account() {
|
||||||
var size = Module['_olm_account_size']();
|
var size = Module['_olm_account_size']();
|
||||||
this.buf = malloc(size);
|
this.buf = malloc(size);
|
||||||
|
@ -299,7 +306,7 @@ Session.prototype['matches_inbound_from'] = restore_stack(function(
|
||||||
Session.prototype['encrypt'] = restore_stack(function(
|
Session.prototype['encrypt'] = restore_stack(function(
|
||||||
plaintext
|
plaintext
|
||||||
) {
|
) {
|
||||||
var plaintext_buffer, message_buffer;
|
var plaintext_buffer, message_buffer, plaintext_length;
|
||||||
try {
|
try {
|
||||||
var random_length = session_method(
|
var random_length = session_method(
|
||||||
Module['_olm_encrypt_random_length']
|
Module['_olm_encrypt_random_length']
|
||||||
|
@ -308,7 +315,7 @@ Session.prototype['encrypt'] = restore_stack(function(
|
||||||
Module['_olm_encrypt_message_type']
|
Module['_olm_encrypt_message_type']
|
||||||
)(this.ptr);
|
)(this.ptr);
|
||||||
|
|
||||||
var plaintext_length = Module['lengthBytesUTF8'](plaintext);
|
plaintext_length = Module['lengthBytesUTF8'](plaintext);
|
||||||
var message_length = session_method(
|
var message_length = session_method(
|
||||||
Module['_olm_encrypt_message_length']
|
Module['_olm_encrypt_message_length']
|
||||||
)(this.ptr, plaintext_length);
|
)(this.ptr, plaintext_length);
|
||||||
|
@ -334,6 +341,8 @@ Session.prototype['encrypt'] = restore_stack(function(
|
||||||
};
|
};
|
||||||
} finally {
|
} finally {
|
||||||
if (plaintext_buffer !== undefined) {
|
if (plaintext_buffer !== undefined) {
|
||||||
|
// don't leave a copy of the plaintext in the heap.
|
||||||
|
bzero(plaintext_buffer, plaintext_length + 1);
|
||||||
free(plaintext_buffer);
|
free(plaintext_buffer);
|
||||||
}
|
}
|
||||||
if (message_buffer !== undefined) {
|
if (message_buffer !== undefined) {
|
||||||
|
@ -345,13 +354,13 @@ Session.prototype['encrypt'] = restore_stack(function(
|
||||||
Session.prototype['decrypt'] = restore_stack(function(
|
Session.prototype['decrypt'] = restore_stack(function(
|
||||||
message_type, message
|
message_type, message
|
||||||
) {
|
) {
|
||||||
var message_buffer, plaintext_buffer;
|
var message_buffer, plaintext_buffer, max_pliantext_length;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
message_buffer = malloc(message.length);
|
message_buffer = malloc(message.length);
|
||||||
Module['writeAsciiToMemory'](message, message_buffer, true);
|
Module['writeAsciiToMemory'](message, message_buffer, true);
|
||||||
|
|
||||||
var max_plaintext_length = session_method(
|
max_plaintext_length = session_method(
|
||||||
Module['_olm_decrypt_max_plaintext_length']
|
Module['_olm_decrypt_max_plaintext_length']
|
||||||
)(this.ptr, message_type, message_buffer, message.length);
|
)(this.ptr, message_type, message_buffer, message.length);
|
||||||
|
|
||||||
|
@ -379,6 +388,8 @@ Session.prototype['decrypt'] = restore_stack(function(
|
||||||
free(message_buffer);
|
free(message_buffer);
|
||||||
}
|
}
|
||||||
if (plaintext_buffer !== undefined) {
|
if (plaintext_buffer !== undefined) {
|
||||||
|
// don't leave a copy of the plaintext in the heap.
|
||||||
|
bzero(plaintext_buffer, max_plaintext_length + NULL_BYTE_PADDING_LENGTH);
|
||||||
free(plaintext_buffer);
|
free(plaintext_buffer);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue