Avoid buffer overrun on encryption

Make sure we null-terminate encrypted strings before passing them to UTF8ToString. This used to work when we allocated the buffer on the stack, because it turns out that allocate() zeroinits the returned memory. malloc(), of course, does not.
2016-12-16 14:42:41 +00:00 · 2016-12-16 14:42:41 +00:00 · 8e554ab5ef
commit 8e554ab5ef
parent 7fd63bcac7
2 changed files with 16 additions and 0 deletions
--- a/javascript/olm_outbound_group_session.js
+++ b/javascript/olm_outbound_group_session.js
@ -83,6 +83,14 @@ OutboundGroupSession.prototype['encrypt'] = function(plaintext) {
            plaintext_buffer, plaintext_length,
            message_buffer, message_length
        );
+
+        // UTF8ToString requires a null-terminated argument, so add the
+        // null terminator.
+        Module['setValue'](
+            message_buffer+message_length,
+            0, "i8"
+        );
+
        return Module['UTF8ToString'](message_buffer);
    } finally {
        if (plaintext_buffer !== undefined) {
--- a/javascript/olm_post.js
+++ b/javascript/olm_post.js
@ -335,6 +335,14 @@ Session.prototype['encrypt'] = restore_stack(function(
            random, random_length,
            message_buffer, message_length
        );
+
+        // UTF8ToString requires a null-terminated argument, so add the
+        // null terminator.
+        Module['setValue'](
+            message_buffer+message_length,
+            0, "i8"
+        );
+
        return {
            "type": message_type,
            "body": Module['UTF8ToString'](message_buffer),