timoreo/olm
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Avoid buffer overrun on encryption

Browse source 
Make sure we null-terminate encrypted strings before passing them to
UTF8ToString.

This used to work when we allocated the buffer on the stack, because it turns
out that allocate() zeroinits the returned memory. malloc(), of course, does
not.
This commit is contained in:
Richard van der Hoff 2016-12-16 14:42:41 +00:00
parent 7fd63bcac7
commit 8e554ab5ef
2 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
javascript/olm_outbound_group_session.js
View file

@ -83,6 +83,14 @@ OutboundGroupSession.prototype['encrypt'] = function(plaintext) {
plaintext_buffer, plaintext_length, plaintext_buffer, plaintext_length,
message_buffer, message_length message_buffer, message_length
); );
// UTF8ToString requires a null-terminated argument, so add the
// null terminator.
Module['setValue'](
message_buffer+message_length,
0, "i8"
);
return Module['UTF8ToString'](message_buffer); return Module['UTF8ToString'](message_buffer);
} finally { } finally {
if (plaintext_buffer !== undefined) { if (plaintext_buffer !== undefined) {

8
javascript/olm_post.js
View file

@ -335,6 +335,14 @@ Session.prototype['encrypt'] = restore_stack(function(
random, random_length, random, random_length,
message_buffer, message_length message_buffer, message_length
); );
// UTF8ToString requires a null-terminated argument, so add the
// null terminator.
Module['setValue'](
message_buffer+message_length,
0, "i8"
);
return { return {
"type": message_type, "type": message_type,
"body": Module['UTF8ToString'](message_buffer), "body": Module['UTF8ToString'](message_buffer),