From 1d4c13c798639c925825c70150b138553f8dff49 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Mon, 5 Sep 2016 00:49:36 +0100 Subject: Fix megolm decryption of UTF-8 Repeat the fix from b10f90d for megolm messages. It turns out that the 'length' argument to 'Pointer_stringify' doesn't work if the input includes characters >= 128. Rather than try to figure out which methods can return UTF-8, and which always return plain ascii, replace all uses of Pointer_stringify with a 'length' argument with the version that expects a NULL-terminated input, and extend the buffer by a byte to allow space for a null-terminator. In the case of decrypt, we need to add the null ourself. Fixes https://github.com/vector-im/vector-web/issues/2078. --- javascript/olm_inbound_group_session.js | 22 ++++++++++++++++++---- javascript/olm_outbound_group_session.js | 22 ++++++++++++++-------- javascript/olm_post.js | 2 +- 3 files changed, 33 insertions(+), 13 deletions(-) diff --git a/javascript/olm_inbound_group_session.js b/javascript/olm_inbound_group_session.js index 9d526c4..aac2c70 100644 --- a/javascript/olm_inbound_group_session.js +++ b/javascript/olm_inbound_group_session.js @@ -1,3 +1,9 @@ +/* The 'length' argument to Pointer_stringify doesn't work if the input includes + * characters >= 128; we therefore need to add a NULL character to all of our + * strings. This acts as a symbolic constant to help show what we're doing. + */ +var NULL_BYTE_PADDING_LENGTH = 1; + function InboundGroupSession() { var size = Module['_olm_inbound_group_session_size'](); this.buf = malloc(size); @@ -28,11 +34,11 @@ InboundGroupSession.prototype['pickle'] = restore_stack(function(key) { Module['_olm_pickle_inbound_group_session_length'] )(this.ptr); var key_buffer = stack(key_array); - var pickle_buffer = stack(pickle_length); + var pickle_buffer = stack(pickle_length + NULL_BYTE_PADDING_LENGTH); inbound_group_session_method(Module['_olm_pickle_inbound_group_session'])( this.ptr, key_buffer, key_array.length, pickle_buffer, pickle_length ); - return Pointer_stringify(pickle_buffer, pickle_length); + return Pointer_stringify(pickle_buffer); }); InboundGroupSession.prototype['unpickle'] = restore_stack(function(key, pickle) { @@ -66,13 +72,21 @@ InboundGroupSession.prototype['decrypt'] = restore_stack(function( // caculating the length destroys the input buffer. // So we copy the array to a new buffer var message_buffer = stack(message_array); - var plaintext_buffer = stack(max_plaintext_length); + var plaintext_buffer = stack(max_plaintext_length + NULL_BYTE_PADDING_LENGTH); var plaintext_length = session_method(Module["_olm_group_decrypt"])( this.ptr, message_buffer, message_array.length, plaintext_buffer, max_plaintext_length ); - return Pointer_stringify(plaintext_buffer, plaintext_length); + + // Pointer_stringify requires a null-terminated argument (the optional + // 'len' argument doesn't work for UTF-8 data). + Module['setValue']( + plaintext_buffer+plaintext_length, + 0, "i8" + ); + + return Pointer_stringify(plaintext_buffer); }); olm_exports['InboundGroupSession'] = InboundGroupSession; diff --git a/javascript/olm_outbound_group_session.js b/javascript/olm_outbound_group_session.js index 277a882..e59c8bb 100644 --- a/javascript/olm_outbound_group_session.js +++ b/javascript/olm_outbound_group_session.js @@ -1,3 +1,9 @@ +/* The 'length' argument to Pointer_stringify doesn't work if the input includes + * characters >= 128; we therefore need to add a NULL character to all of our + * strings. This acts as a symbolic constant to help show what we're doing. + */ +var NULL_BYTE_PADDING_LENGTH = 1; + function OutboundGroupSession() { var size = Module['_olm_outbound_group_session_size'](); @@ -29,11 +35,11 @@ OutboundGroupSession.prototype['pickle'] = restore_stack(function(key) { Module['_olm_pickle_outbound_group_session_length'] )(this.ptr); var key_buffer = stack(key_array); - var pickle_buffer = stack(pickle_length); + var pickle_buffer = stack(pickle_length + NULL_BYTE_PADDING_LENGTH); outbound_group_session_method(Module['_olm_pickle_outbound_group_session'])( this.ptr, key_buffer, key_array.length, pickle_buffer, pickle_length ); - return Pointer_stringify(pickle_buffer, pickle_length); + return Pointer_stringify(pickle_buffer); }); OutboundGroupSession.prototype['unpickle'] = restore_stack(function(key, pickle) { @@ -63,35 +69,35 @@ OutboundGroupSession.prototype['encrypt'] = restore_stack(function(plaintext) { Module['_olm_group_encrypt_message_length'] )(this.ptr, plaintext_array.length); var plaintext_buffer = stack(plaintext_array); - var message_buffer = stack(message_length); + var message_buffer = stack(message_length + NULL_BYTE_PADDING_LENGTH); outbound_group_session_method(Module['_olm_group_encrypt'])( this.ptr, plaintext_buffer, plaintext_array.length, message_buffer, message_length ); - return Pointer_stringify(message_buffer, message_length); + return Pointer_stringify(message_buffer); }); OutboundGroupSession.prototype['session_id'] = restore_stack(function(key) { var length = outbound_group_session_method( Module['_olm_outbound_group_session_id_length'] )(this.ptr); - var session_id = stack(length); + var session_id = stack(length + NULL_BYTE_PADDING_LENGTH); outbound_group_session_method(Module['_olm_outbound_group_session_id'])( this.ptr, session_id, length ); - return Pointer_stringify(session_id, length); + return Pointer_stringify(session_id); }); OutboundGroupSession.prototype['session_key'] = restore_stack(function(key) { var key_length = outbound_group_session_method( Module['_olm_outbound_group_session_key_length'] )(this.ptr); - var key = stack(key_length); + var key = stack(key_length + NULL_BYTE_PADDING_LENGTH); outbound_group_session_method(Module['_olm_outbound_group_session_key'])( this.ptr, key, key_length ); - return Pointer_stringify(key, key_length); + return Pointer_stringify(key); }); OutboundGroupSession.prototype['message_index'] = function() { diff --git a/javascript/olm_post.js b/javascript/olm_post.js index 955d68d..dac89f6 100644 --- a/javascript/olm_post.js +++ b/javascript/olm_post.js @@ -5,7 +5,7 @@ var Pointer_stringify = Module['Pointer_stringify']; var OLM_ERROR = Module['_olm_error'](); /* The 'length' argument to Pointer_stringify doesn't work if the input includes - * cahracters >= 128; we therefore need to add a NULL character to all of our + * characters >= 128; we therefore need to add a NULL character to all of our * strings. This acts as a symbolic constant to help show what we're doing. */ var NULL_BYTE_PADDING_LENGTH = 1; -- cgit v1.2.3