Avoid buffer overrun on encryption
Make sure we null-terminate encrypted strings before passing them to UTF8ToString. This used to work when we allocated the buffer on the stack, because it turns out that allocate() zeroinits the returned memory. malloc(), of course, does not.
This commit is contained in:
parent
7fd63bcac7
commit
8e554ab5ef
2 changed files with 16 additions and 0 deletions
|
@ -83,6 +83,14 @@ OutboundGroupSession.prototype['encrypt'] = function(plaintext) {
|
|||
plaintext_buffer, plaintext_length,
|
||||
message_buffer, message_length
|
||||
);
|
||||
|
||||
// UTF8ToString requires a null-terminated argument, so add the
|
||||
// null terminator.
|
||||
Module['setValue'](
|
||||
message_buffer+message_length,
|
||||
0, "i8"
|
||||
);
|
||||
|
||||
return Module['UTF8ToString'](message_buffer);
|
||||
} finally {
|
||||
if (plaintext_buffer !== undefined) {
|
||||
|
|
|
@ -335,6 +335,14 @@ Session.prototype['encrypt'] = restore_stack(function(
|
|||
random, random_length,
|
||||
message_buffer, message_length
|
||||
);
|
||||
|
||||
// UTF8ToString requires a null-terminated argument, so add the
|
||||
// null terminator.
|
||||
Module['setValue'](
|
||||
message_buffer+message_length,
|
||||
0, "i8"
|
||||
);
|
||||
|
||||
return {
|
||||
"type": message_type,
|
||||
"body": Module['UTF8ToString'](message_buffer),
|
||||
|
|
Loading…
Reference in a new issue