aboutsummaryrefslogtreecommitdiff
path: root/javascript
diff options
context:
space:
mode:
authorRichard van der Hoff <richard@matrix.org>2016-12-15 13:37:34 +0000
committerRichard van der Hoff <richard@matrix.org>2016-12-15 13:37:34 +0000
commit8356fa37adbe1662141f93cc749e4c2d05af9f7b (patch)
treefdb7b236b0e3eb1ba33703495cf40d59dfec23b9 /javascript
parent76610c0a3af57b600211ea38bc28bcccabc6a86c (diff)
zero out plaintext buffers
Avoid leaving copies of the plaintext sitting around in the emscripten heap.
Diffstat (limited to 'javascript')
-rw-r--r--javascript/olm_inbound_group_session.js6
-rw-r--r--javascript/olm_outbound_group_session.js6
-rw-r--r--javascript/olm_post.js19
3 files changed, 23 insertions, 8 deletions
diff --git a/javascript/olm_inbound_group_session.js b/javascript/olm_inbound_group_session.js
index 5815320..2e4727f 100644
--- a/javascript/olm_inbound_group_session.js
+++ b/javascript/olm_inbound_group_session.js
@@ -64,7 +64,7 @@ InboundGroupSession.prototype['create'] = restore_stack(function(session_key) {
InboundGroupSession.prototype['decrypt'] = restore_stack(function(
message
) {
- var message_buffer, plaintext_buffer;
+ var message_buffer, plaintext_buffer, plaintext_length;
try {
message_buffer = malloc(message.length);
@@ -80,7 +80,7 @@ InboundGroupSession.prototype['decrypt'] = restore_stack(function(
plaintext_buffer = malloc(max_plaintext_length + NULL_BYTE_PADDING_LENGTH);
var message_index = stack(4);
- var plaintext_length = inbound_group_session_method(
+ plaintext_length = inbound_group_session_method(
Module["_olm_group_decrypt"]
)(
this.ptr,
@@ -105,6 +105,8 @@ InboundGroupSession.prototype['decrypt'] = restore_stack(function(
free(message_buffer);
}
if (plaintext_buffer !== undefined) {
+ // don't leave a copy of the plaintext in the heap.
+ bzero(plaintext_buffer, plaintext_length + NULL_BYTE_PADDING_LENGTH);
free(plaintext_buffer);
}
}
diff --git a/javascript/olm_outbound_group_session.js b/javascript/olm_outbound_group_session.js
index 01fee0b..0402c3c 100644
--- a/javascript/olm_outbound_group_session.js
+++ b/javascript/olm_outbound_group_session.js
@@ -64,9 +64,9 @@ OutboundGroupSession.prototype['create'] = restore_stack(function() {
});
OutboundGroupSession.prototype['encrypt'] = function(plaintext) {
- var plaintext_buffer, message_buffer;
+ var plaintext_buffer, message_buffer, plaintext_length;
try {
- var plaintext_length = Module['lengthBytesUTF8'](plaintext);
+ plaintext_length = Module['lengthBytesUTF8'](plaintext);
var message_length = outbound_group_session_method(
Module['_olm_group_encrypt_message_length']
@@ -86,6 +86,8 @@ OutboundGroupSession.prototype['encrypt'] = function(plaintext) {
return Module['UTF8ToString'](message_buffer);
} finally {
if (plaintext_buffer !== undefined) {
+ // don't leave a copy of the plaintext in the heap.
+ bzero(plaintext_buffer, plaintext_length + 1);
free(plaintext_buffer);
}
if (message_buffer !== undefined) {
diff --git a/javascript/olm_post.js b/javascript/olm_post.js
index 9820354..752279a 100644
--- a/javascript/olm_post.js
+++ b/javascript/olm_post.js
@@ -42,6 +42,13 @@ function restore_stack(wrapped) {
}
}
+/* set a memory area to zero */
+function bzero(ptr, n) {
+ while(n-- > 0) {
+ Module['HEAP8'][ptr++] = 0;
+ }
+}
+
function Account() {
var size = Module['_olm_account_size']();
this.buf = malloc(size);
@@ -299,7 +306,7 @@ Session.prototype['matches_inbound_from'] = restore_stack(function(
Session.prototype['encrypt'] = restore_stack(function(
plaintext
) {
- var plaintext_buffer, message_buffer;
+ var plaintext_buffer, message_buffer, plaintext_length;
try {
var random_length = session_method(
Module['_olm_encrypt_random_length']
@@ -308,7 +315,7 @@ Session.prototype['encrypt'] = restore_stack(function(
Module['_olm_encrypt_message_type']
)(this.ptr);
- var plaintext_length = Module['lengthBytesUTF8'](plaintext);
+ plaintext_length = Module['lengthBytesUTF8'](plaintext);
var message_length = session_method(
Module['_olm_encrypt_message_length']
)(this.ptr, plaintext_length);
@@ -334,6 +341,8 @@ Session.prototype['encrypt'] = restore_stack(function(
};
} finally {
if (plaintext_buffer !== undefined) {
+ // don't leave a copy of the plaintext in the heap.
+ bzero(plaintext_buffer, plaintext_length + 1);
free(plaintext_buffer);
}
if (message_buffer !== undefined) {
@@ -345,13 +354,13 @@ Session.prototype['encrypt'] = restore_stack(function(
Session.prototype['decrypt'] = restore_stack(function(
message_type, message
) {
- var message_buffer, plaintext_buffer;
+ var message_buffer, plaintext_buffer, max_pliantext_length;
try {
message_buffer = malloc(message.length);
Module['writeAsciiToMemory'](message, message_buffer, true);
- var max_plaintext_length = session_method(
+ max_plaintext_length = session_method(
Module['_olm_decrypt_max_plaintext_length']
)(this.ptr, message_type, message_buffer, message.length);
@@ -379,6 +388,8 @@ Session.prototype['decrypt'] = restore_stack(function(
free(message_buffer);
}
if (plaintext_buffer !== undefined) {
+ // don't leave a copy of the plaintext in the heap.
+ bzero(plaintext_buffer, max_plaintext_length + NULL_BYTE_PADDING_LENGTH);
free(plaintext_buffer);
}
}