Avoid buffer overrun on encryption

Make sure we null-terminate encrypted strings before passing them to
UTF8ToString.

This used to work when we allocated the buffer on the stack, because it turns
out that allocate() zeroinits the returned memory. malloc(), of course, does
not.
This commit is contained in:
Richard van der Hoff 2016-12-16 14:42:41 +00:00
parent 7fd63bcac7
commit 8e554ab5ef
2 changed files with 16 additions and 0 deletions

View file

@ -83,6 +83,14 @@ OutboundGroupSession.prototype['encrypt'] = function(plaintext) {
plaintext_buffer, plaintext_length, plaintext_buffer, plaintext_length,
message_buffer, message_length message_buffer, message_length
); );
// UTF8ToString requires a null-terminated argument, so add the
// null terminator.
Module['setValue'](
message_buffer+message_length,
0, "i8"
);
return Module['UTF8ToString'](message_buffer); return Module['UTF8ToString'](message_buffer);
} finally { } finally {
if (plaintext_buffer !== undefined) { if (plaintext_buffer !== undefined) {

View file

@ -335,6 +335,14 @@ Session.prototype['encrypt'] = restore_stack(function(
random, random_length, random, random_length,
message_buffer, message_length message_buffer, message_length
); );
// UTF8ToString requires a null-terminated argument, so add the
// null terminator.
Module['setValue'](
message_buffer+message_length,
0, "i8"
);
return { return {
"type": message_type, "type": message_type,
"body": Module['UTF8ToString'](message_buffer), "body": Module['UTF8ToString'](message_buffer),