Avoid buffer overrun on encryption

Make sure we null-terminate encrypted strings before passing them to UTF8ToString. This used to work when we allocated the buffer on the stack, because it turns out that allocate() zeroinits the returned memory. malloc(), of course, does not.
author: Richard van der Hoff <richard@matrix.org> 2016-12-16 14:42:41 +0000
committer: Richard van der Hoff <richard@matrix.org> 2016-12-16 14:42:41 +0000
commit: 8e554ab5ef5a17c7eb271000217e036be07d88db (patch)
tree: e53c21d74558b47c7c20238d75d814273b399a82 /javascript/olm_post.js
parent: 7fd63bcac7110abd5a1eef927abc3184da68a35c (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/javascript/olm_post.js b/javascript/olm_post.js
index 3e80c0b..65eab02 100644
--- a/javascript/olm_post.js
+++ b/javascript/olm_post.js
@@ -335,6 +335,14 @@ Session.prototype['encrypt'] = restore_stack(function(
             random, random_length,
             message_buffer, message_length
         );
+
+        // UTF8ToString requires a null-terminated argument, so add the
+        // null terminator.
+        Module['setValue'](
+            message_buffer+message_length,
+            0, "i8"
+        );
+
         return {
             "type": message_type,
             "body": Module['UTF8ToString'](message_buffer),
author	Richard van der Hoff <richard@matrix.org>	2016-12-16 14:42:41 +0000
committer	Richard van der Hoff <richard@matrix.org>	2016-12-16 14:42:41 +0000
commit	8e554ab5ef5a17c7eb271000217e036be07d88db (patch)
tree	e53c21d74558b47c7c20238d75d814273b399a82 /javascript/olm_post.js
parent	7fd63bcac7110abd5a1eef927abc3184da68a35c (diff)