diff options
author | Richard van der Hoff <richard@matrix.org> | 2016-12-15 13:37:34 +0000 |
---|---|---|
committer | Richard van der Hoff <richard@matrix.org> | 2016-12-15 13:37:34 +0000 |
commit | 8356fa37adbe1662141f93cc749e4c2d05af9f7b (patch) | |
tree | fdb7b236b0e3eb1ba33703495cf40d59dfec23b9 /javascript | |
parent | 76610c0a3af57b600211ea38bc28bcccabc6a86c (diff) |
zero out plaintext buffers
Avoid leaving copies of the plaintext sitting around in the emscripten heap.
Diffstat (limited to 'javascript')
-rw-r--r-- | javascript/olm_inbound_group_session.js | 6 | ||||
-rw-r--r-- | javascript/olm_outbound_group_session.js | 6 | ||||
-rw-r--r-- | javascript/olm_post.js | 19 |
3 files changed, 23 insertions, 8 deletions
diff --git a/javascript/olm_inbound_group_session.js b/javascript/olm_inbound_group_session.js index 5815320..2e4727f 100644 --- a/javascript/olm_inbound_group_session.js +++ b/javascript/olm_inbound_group_session.js @@ -64,7 +64,7 @@ InboundGroupSession.prototype['create'] = restore_stack(function(session_key) { InboundGroupSession.prototype['decrypt'] = restore_stack(function( message ) { - var message_buffer, plaintext_buffer; + var message_buffer, plaintext_buffer, plaintext_length; try { message_buffer = malloc(message.length); @@ -80,7 +80,7 @@ InboundGroupSession.prototype['decrypt'] = restore_stack(function( plaintext_buffer = malloc(max_plaintext_length + NULL_BYTE_PADDING_LENGTH); var message_index = stack(4); - var plaintext_length = inbound_group_session_method( + plaintext_length = inbound_group_session_method( Module["_olm_group_decrypt"] )( this.ptr, @@ -105,6 +105,8 @@ InboundGroupSession.prototype['decrypt'] = restore_stack(function( free(message_buffer); } if (plaintext_buffer !== undefined) { + // don't leave a copy of the plaintext in the heap. + bzero(plaintext_buffer, plaintext_length + NULL_BYTE_PADDING_LENGTH); free(plaintext_buffer); } } diff --git a/javascript/olm_outbound_group_session.js b/javascript/olm_outbound_group_session.js index 01fee0b..0402c3c 100644 --- a/javascript/olm_outbound_group_session.js +++ b/javascript/olm_outbound_group_session.js @@ -64,9 +64,9 @@ OutboundGroupSession.prototype['create'] = restore_stack(function() { }); OutboundGroupSession.prototype['encrypt'] = function(plaintext) { - var plaintext_buffer, message_buffer; + var plaintext_buffer, message_buffer, plaintext_length; try { - var plaintext_length = Module['lengthBytesUTF8'](plaintext); + plaintext_length = Module['lengthBytesUTF8'](plaintext); var message_length = outbound_group_session_method( Module['_olm_group_encrypt_message_length'] @@ -86,6 +86,8 @@ OutboundGroupSession.prototype['encrypt'] = function(plaintext) { return Module['UTF8ToString'](message_buffer); } finally { if (plaintext_buffer !== undefined) { + // don't leave a copy of the plaintext in the heap. + bzero(plaintext_buffer, plaintext_length + 1); free(plaintext_buffer); } if (message_buffer !== undefined) { diff --git a/javascript/olm_post.js b/javascript/olm_post.js index 9820354..752279a 100644 --- a/javascript/olm_post.js +++ b/javascript/olm_post.js @@ -42,6 +42,13 @@ function restore_stack(wrapped) { } } +/* set a memory area to zero */ +function bzero(ptr, n) { + while(n-- > 0) { + Module['HEAP8'][ptr++] = 0; + } +} + function Account() { var size = Module['_olm_account_size'](); this.buf = malloc(size); @@ -299,7 +306,7 @@ Session.prototype['matches_inbound_from'] = restore_stack(function( Session.prototype['encrypt'] = restore_stack(function( plaintext ) { - var plaintext_buffer, message_buffer; + var plaintext_buffer, message_buffer, plaintext_length; try { var random_length = session_method( Module['_olm_encrypt_random_length'] @@ -308,7 +315,7 @@ Session.prototype['encrypt'] = restore_stack(function( Module['_olm_encrypt_message_type'] )(this.ptr); - var plaintext_length = Module['lengthBytesUTF8'](plaintext); + plaintext_length = Module['lengthBytesUTF8'](plaintext); var message_length = session_method( Module['_olm_encrypt_message_length'] )(this.ptr, plaintext_length); @@ -334,6 +341,8 @@ Session.prototype['encrypt'] = restore_stack(function( }; } finally { if (plaintext_buffer !== undefined) { + // don't leave a copy of the plaintext in the heap. + bzero(plaintext_buffer, plaintext_length + 1); free(plaintext_buffer); } if (message_buffer !== undefined) { @@ -345,13 +354,13 @@ Session.prototype['encrypt'] = restore_stack(function( Session.prototype['decrypt'] = restore_stack(function( message_type, message ) { - var message_buffer, plaintext_buffer; + var message_buffer, plaintext_buffer, max_pliantext_length; try { message_buffer = malloc(message.length); Module['writeAsciiToMemory'](message, message_buffer, true); - var max_plaintext_length = session_method( + max_plaintext_length = session_method( Module['_olm_decrypt_max_plaintext_length'] )(this.ptr, message_type, message_buffer, message.length); @@ -379,6 +388,8 @@ Session.prototype['decrypt'] = restore_stack(function( free(message_buffer); } if (plaintext_buffer !== undefined) { + // don't leave a copy of the plaintext in the heap. + bzero(plaintext_buffer, max_plaintext_length + NULL_BYTE_PADDING_LENGTH); free(plaintext_buffer); } } |